Windows Analysis Report
wmKmOQ868z.exe

AI detected suspicious sample

Source: Yara match

File source: 00000004.00000002.3339767606.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: wmKmOQ868z.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 162.240.106.189:443 -> 192.168.2.5:49757 version: TLS 1.2

Source: wmKmOQ868z.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: wmKmOQ868z.exe, 00000004.00000003.3010655343.00000000326C6000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032870000.00000040.00001000.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3008542266.000000003251B000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032A0E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: wmKmOQ868z.exe, wmKmOQ868z.exe, 00000004.00000003.3010655343.00000000326C6000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032870000.00000040.00001000.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3008542266.000000003251B000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032A0E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 0_2_00405C60 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,		0_2_00405C60
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 0_2_004068B1 FindFirstFileW,FindClose,		0_2_004068B1

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.5:49756
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49757 -> 162.240.106.189:443

Source: global traffic

HTTP traffic detected: GET /LNRHXbp85.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: comercializadoradeinsumos.clCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /LNRHXbp85.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: comercializadoradeinsumos.clCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: comercializadoradeinsumos.cl

Source: wmKmOQ868z.exe	String found in binary or memory: http://crl.apple.com/root.crl0
Source: wmKmOQ868z.exe	String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: wmKmOQ868z.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wmKmOQ868z.exe	String found in binary or memory: http://www.apple.com/appleca0
Source: wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: wmKmOQ868z.exe, 00000004.00000001.2652302474.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: wmKmOQ868z.exe, 00000004.00000001.2652302474.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: wmKmOQ868z.exe, 00000004.00000003.3008838276.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3009015750.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3341099454.0000000002766000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comercializadoradeinsumos.cl/
Source: wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3008838276.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3009015750.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3341099454.0000000002766000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3341017926.00000000026F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://comercializadoradeinsumos.cl/LNRHXbp85.bin
Source: wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comercializadoradeinsumos.cl/LNRHXbp85.binOp
Source: wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comercializadoradeinsumos.cl/LNRHXbp85.bin_p
Source: wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comercializadoradeinsumos.cl/LNRHXbp85.binz
Source: wmKmOQ868z.exe, 00000004.00000003.3008838276.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3009015750.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3341099454.0000000002766000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comercializadoradeinsumos.cl/X
Source: wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: wmKmOQ868z.exe	String found in binary or memory: https://www.apple.com/appleca/0

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757

Source: unknown

HTTPS traffic detected: 162.240.106.189:443 -> 192.168.2.5:49757 version: TLS 1.2

E-Banking Fraud

Source: Yara match

File source: 00000004.00000002.3339767606.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E35C0 NtCreateMutant,LdrInitializeThunk,	4_2_328E35C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2C70 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_328E2C70
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E3090 NtSetValueKey,	4_2_328E3090
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E3010 NtOpenDirectoryObject,	4_2_328E3010
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E39B0 NtGetContextThread,	4_2_328E39B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E3D10 NtOpenProcessToken,	4_2_328E3D10
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E3D70 NtOpenThread,	4_2_328E3D70
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E4340 NtSetContextThread,	4_2_328E4340
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E4650 NtSuspendThread,	4_2_328E4650
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2AB0 NtWaitForSingleObject,	4_2_328E2AB0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2AD0 NtReadFile,	4_2_328E2AD0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2AF0 NtWriteFile,	4_2_328E2AF0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2B80 NtQueryInformationFile,	4_2_328E2B80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2BA0 NtEnumerateValueKey,	4_2_328E2BA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2BE0 NtQueryValueKey,	4_2_328E2BE0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2BF0 NtAllocateVirtualMemory,	4_2_328E2BF0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2B60 NtClose,	4_2_328E2B60
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2E80 NtReadVirtualMemory,	4_2_328E2E80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2EA0 NtAdjustPrivilegesToken,	4_2_328E2EA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2EE0 NtQueueApcThread,	4_2_328E2EE0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2E30 NtWriteVirtualMemory,	4_2_328E2E30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2F90 NtProtectVirtualMemory,	4_2_328E2F90
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2FA0 NtQuerySection,	4_2_328E2FA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2FB0 NtResumeThread,	4_2_328E2FB0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2FE0 NtCreateFile,	4_2_328E2FE0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2F30 NtCreateSection,	4_2_328E2F30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2F60 NtCreateProcessEx,	4_2_328E2F60
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2CA0 NtQueryInformationToken,	4_2_328E2CA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2CC0 NtQueryVirtualMemory,	4_2_328E2CC0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2CF0 NtOpenProcess,	4_2_328E2CF0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2C00 NtQueryInformationProcess,	4_2_328E2C00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2C60 NtCreateKey,	4_2_328E2C60
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2DB0 NtEnumerateKey,	4_2_328E2DB0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2DD0 NtDelayExecution,	4_2_328E2DD0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2DF0 NtQuerySystemInformation,	4_2_328E2DF0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2D00 NtSetInformationFile,	4_2_328E2D00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2D10 NtMapViewOfSection,	4_2_328E2D10
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E2D30 NtUnmapViewOfSection,	4_2_328E2D30

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Code function: 0_2_0040352F EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040352F

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File created: C:\Windows\resources\primy.ini

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 0_2_6F701BFF	0_2_6F701BFF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B52A0	4_2_328B52A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328F739A	4_2_328F739A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296132D	4_2_3296132D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289D34C	4_2_3289D34C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F0CC	4_2_3295F0CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296F0E0	4_2_3296F0E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329670E9	4_2_329670E9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BB1B0	4_2_328BB1B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E516C	4_2_328E516C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297B16B	4_2_3297B16B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329616CC	4_2_329616CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296F7B0	4_2_3296F7B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296F43F	4_2_3296F43F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1460	4_2_328A1460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294D5B0	4_2_3294D5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32967571	4_2_32967571
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328F5AA0	4_2_328F5AA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32951AA3	4_2_32951AA3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294DAAC	4_2_3294DAAC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295DAC6	4_2_3295DAC6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32967A46	4_2_32967A46
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296FA49	4_2_3296FA49
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32923A6C	4_2_32923A6C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CFB80	4_2_328CFB80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32925BF0	4_2_32925BF0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328EDBF9	4_2_328EDBF9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296FB76	4_2_3296FB76
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B38E0	4_2_328B38E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291D800	4_2_3291D800
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32945910	4_2_32945910
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B9950	4_2_328B9950
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB950	4_2_328CB950
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B9EB0	4_2_328B9EB0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1F92	4_2_328B1F92
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296FFB1	4_2_3296FFB1
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296FF09	4_2_3296FF09
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296FCF2	4_2_3296FCF2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32929C32	4_2_32929C32
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CFDC0	4_2_328CFDC0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3D40	4_2_328B3D40
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32961D5A	4_2_32961D5A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32967D73	4_2_32967D73
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329302C0	4_2_329302C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32950274	4_2_32950274
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329703E6	4_2_329703E6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BE3F0	4_2_328BE3F0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296A352	4_2_3296A352
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32942000	4_2_32942000
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329641A2	4_2_329641A2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329701AA	4_2_329701AA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329681CC	4_2_329681CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A0100	4_2_328A0100
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294A118	4_2_3294A118
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32938158	4_2_32938158
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CC6E0	4_2_328CC6E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AC7C0	4_2_328AC7C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D4750	4_2_328D4750
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B0770	4_2_328B0770
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295E4F6	4_2_3295E4F6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32954420	4_2_32954420
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32962446	4_2_32962446
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32970591	4_2_32970591
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B0535	4_2_328B0535
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AEA80	4_2_328AEA80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32966BD7	4_2_32966BD7
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296AB40	4_2_3296AB40
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328968B8	4_2_328968B8
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DE8F0	4_2_328DE8F0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BA840	4_2_328BA840
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B2840	4_2_328B2840
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B29A0	4_2_328B29A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297A9A6	4_2_3297A9A6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C6962	4_2_328C6962
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296CE93	4_2_3296CE93
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C2E90	4_2_328C2E90
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296EEDB	4_2_3296EEDB
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296EE26	4_2_3296EE26
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B0E59	4_2_328B0E59
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292EFA0	4_2_3292EFA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A2FC8	4_2_328A2FC8
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BCFE0	4_2_328BCFE0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32952F30	4_2_32952F30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328F2F28	4_2_328F2F28
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D0F30	4_2_328D0F30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32924F40	4_2_32924F40
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32950CB5	4_2_32950CB5
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A0CF2	4_2_328A0CF2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B0C00	4_2_328B0C00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C8DBF	4_2_328C8DBF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AADE0	4_2_328AADE0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BAD00	4_2_328BAD00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294CD1F	4_2_3294CD1F

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: String function: 3291EA12 appears 86 times
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: String function: 3289B970 appears 280 times
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: String function: 328F7E54 appears 102 times
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: String function: 3292F290 appears 105 times
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: String function: 328E5130 appears 58 times

Source: wmKmOQ868z.exe

Static PE information: invalid certificate

Source: wmKmOQ868z.exe, 00000000.00000000.2046009845.00000000007F6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamealbuestdene nondisparate.exe4 vs wmKmOQ868z.exe
Source: wmKmOQ868z.exe, 00000004.00000000.2651761696.00000000007F6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamealbuestdene nondisparate.exe4 vs wmKmOQ868z.exe
Source: wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032B41000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs wmKmOQ868z.exe
Source: wmKmOQ868z.exe, 00000004.00000003.3010655343.00000000327F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs wmKmOQ868z.exe
Source: wmKmOQ868z.exe, 00000004.00000003.3008542266.000000003263E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs wmKmOQ868z.exe
Source: wmKmOQ868z.exe	Binary or memory string: OriginalFilenamealbuestdene nondisparate.exe4 vs wmKmOQ868z.exe

Source: wmKmOQ868z.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal88.troj.evad.winEXE@2/12@1/1

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

0_2_0040352F

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File created: C:\Users\user\imaums

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File created: C:\Users\user\AppData\Local\Temp\nsgCCB6.tmp

Source: wmKmOQ868z.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: wmKmOQ868z.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File read: C:\Users\user\Desktop\wmKmOQ868z.exe

Source: unknown	Process created: C:\Users\user\Desktop\wmKmOQ868z.exe "C:\Users\user\Desktop\wmKmOQ868z.exe"
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Process created: C:\Users\user\Desktop\wmKmOQ868z.exe "C:\Users\user\Desktop\wmKmOQ868z.exe"

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File written: C:\Windows\Resources\primy.ini

Opens the same file many times (likely Sandbox evasion)

Source: wmKmOQ868z.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: wmKmOQ868z.exe, 00000004.00000003.3010655343.00000000326C6000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032870000.00000040.00001000.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3008542266.000000003251B000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032A0E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: wmKmOQ868z.exe, wmKmOQ868z.exe, 00000004.00000003.3010655343.00000000326C6000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032870000.00000040.00001000.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3008542266.000000003251B000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3362178901.0000000032A0E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.2653654327.0000000003020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Code function: 0_2_6F701BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6F701BFF

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 0_2_6F7030C0 push eax; ret		0_2_6F7030EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A09AD push ecx; mov dword ptr [esp], ecx		4_2_328A09B6

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File created: C:\Users\user\AppData\Local\Temp\nsx116.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

File opened: C:\Program Files (x86)\salinity\hypophyllum.ter count: 40090

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	API/Special instruction interceptor: Address: 34B1E59
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	API/Special instruction interceptor: Address: 1C11E59

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	RDTSC instruction interceptor: First address: 347A901 second address: 347A901 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FC2F8534996h 0x00000006 inc ebp 0x00000007 cmp cl, al 0x00000009 inc ebx 0x0000000a cmp bl, al 0x0000000c rdtsc
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	RDTSC instruction interceptor: First address: 1BDA901 second address: 1BDA901 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FC2F8FB8F76h 0x00000006 inc ebp 0x00000007 cmp cl, al 0x00000009 inc ebx 0x0000000a cmp bl, al 0x0000000c rdtsc

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Code function: 4_2_3291D1C0 rdtsc

4_2_3291D1C0

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx116.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

API coverage: 0.1 %

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 0_2_00405C60 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,		0_2_00405C60
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 0_2_004068B1 FindFirstFileW,FindClose,		0_2_004068B1

Source: wmKmOQ868z.exe, 00000000.00000002.2652875004.0000000000928000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:44
Source: wmKmOQ868z.exe, 00000004.00000002.3341099454.000000000277A000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3008838276.000000000277A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	API call chain: ExitProcess graph end node			graph_0-2648
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	API call chain: ExitProcess graph end node			graph_0-2868

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Code function: 4_2_3291D1C0 rdtsc

4_2_3291D1C0

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Code function: 4_2_328E35C0 NtCreateMutant,LdrInitializeThunk,

4_2_328E35C0

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

Code function: 0_2_6F701BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6F701BFF

Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D329E mov eax, dword ptr fs:[00000030h]	4_2_328D329E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D329E mov eax, dword ptr fs:[00000030h]	4_2_328D329E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975283 mov eax, dword ptr fs:[00000030h]	4_2_32975283
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B52A0 mov eax, dword ptr fs:[00000030h]	4_2_328B52A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B52A0 mov eax, dword ptr fs:[00000030h]	4_2_328B52A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B52A0 mov eax, dword ptr fs:[00000030h]	4_2_328B52A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B52A0 mov eax, dword ptr fs:[00000030h]	4_2_328B52A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329292BC mov eax, dword ptr fs:[00000030h]	4_2_329292BC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329292BC mov eax, dword ptr fs:[00000030h]	4_2_329292BC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329292BC mov ecx, dword ptr fs:[00000030h]	4_2_329292BC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329292BC mov ecx, dword ptr fs:[00000030h]	4_2_329292BC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329692A6 mov eax, dword ptr fs:[00000030h]	4_2_329692A6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329692A6 mov eax, dword ptr fs:[00000030h]	4_2_329692A6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329692A6 mov eax, dword ptr fs:[00000030h]	4_2_329692A6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329692A6 mov eax, dword ptr fs:[00000030h]	4_2_329692A6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329372A0 mov eax, dword ptr fs:[00000030h]	4_2_329372A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329372A0 mov eax, dword ptr fs:[00000030h]	4_2_329372A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB2C0 mov eax, dword ptr fs:[00000030h]	4_2_328CB2C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A92C5 mov eax, dword ptr fs:[00000030h]	4_2_328A92C5
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A92C5 mov eax, dword ptr fs:[00000030h]	4_2_328A92C5
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B2D3 mov eax, dword ptr fs:[00000030h]	4_2_3289B2D3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B2D3 mov eax, dword ptr fs:[00000030h]	4_2_3289B2D3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B2D3 mov eax, dword ptr fs:[00000030h]	4_2_3289B2D3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF2D0 mov eax, dword ptr fs:[00000030h]	4_2_328CF2D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF2D0 mov eax, dword ptr fs:[00000030h]	4_2_328CF2D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B2F0 mov eax, dword ptr fs:[00000030h]	4_2_3294B2F0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B2F0 mov eax, dword ptr fs:[00000030h]	4_2_3294B2F0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F2F8 mov eax, dword ptr fs:[00000030h]	4_2_3295F2F8
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329752E2 mov eax, dword ptr fs:[00000030h]	4_2_329752E2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328992FF mov eax, dword ptr fs:[00000030h]	4_2_328992FF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329512ED mov eax, dword ptr fs:[00000030h]	4_2_329512ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D7208 mov eax, dword ptr fs:[00000030h]	4_2_328D7208
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D7208 mov eax, dword ptr fs:[00000030h]	4_2_328D7208
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975227 mov eax, dword ptr fs:[00000030h]	4_2_32975227
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D724D mov eax, dword ptr fs:[00000030h]	4_2_328D724D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292D250 mov ecx, dword ptr fs:[00000030h]	4_2_3292D250
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295B256 mov eax, dword ptr fs:[00000030h]	4_2_3295B256
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295B256 mov eax, dword ptr fs:[00000030h]	4_2_3295B256
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899240 mov eax, dword ptr fs:[00000030h]	4_2_32899240
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899240 mov eax, dword ptr fs:[00000030h]	4_2_32899240
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C9274 mov eax, dword ptr fs:[00000030h]	4_2_328C9274
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296D26B mov eax, dword ptr fs:[00000030h]	4_2_3296D26B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296D26B mov eax, dword ptr fs:[00000030h]	4_2_3296D26B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E1270 mov eax, dword ptr fs:[00000030h]	4_2_328E1270
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E1270 mov eax, dword ptr fs:[00000030h]	4_2_328E1270
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297539D mov eax, dword ptr fs:[00000030h]	4_2_3297539D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328F739A mov eax, dword ptr fs:[00000030h]	4_2_328F739A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328F739A mov eax, dword ptr fs:[00000030h]	4_2_328F739A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C33A5 mov eax, dword ptr fs:[00000030h]	4_2_328C33A5
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D33A0 mov eax, dword ptr fs:[00000030h]	4_2_328D33A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D33A0 mov eax, dword ptr fs:[00000030h]	4_2_328D33A0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329413B9 mov eax, dword ptr fs:[00000030h]	4_2_329413B9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329413B9 mov eax, dword ptr fs:[00000030h]	4_2_329413B9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329413B9 mov eax, dword ptr fs:[00000030h]	4_2_329413B9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295B3D0 mov ecx, dword ptr fs:[00000030h]	4_2_3295B3D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329753FC mov eax, dword ptr fs:[00000030h]	4_2_329753FC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F3E6 mov eax, dword ptr fs:[00000030h]	4_2_3295F3E6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292930B mov eax, dword ptr fs:[00000030h]	4_2_3292930B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292930B mov eax, dword ptr fs:[00000030h]	4_2_3292930B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292930B mov eax, dword ptr fs:[00000030h]	4_2_3292930B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF32A mov eax, dword ptr fs:[00000030h]	4_2_328CF32A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32897330 mov eax, dword ptr fs:[00000030h]	4_2_32897330
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296132D mov eax, dword ptr fs:[00000030h]	4_2_3296132D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296132D mov eax, dword ptr fs:[00000030h]	4_2_3296132D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289D34C mov eax, dword ptr fs:[00000030h]	4_2_3289D34C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289D34C mov eax, dword ptr fs:[00000030h]	4_2_3289D34C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975341 mov eax, dword ptr fs:[00000030h]	4_2_32975341
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899353 mov eax, dword ptr fs:[00000030h]	4_2_32899353
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899353 mov eax, dword ptr fs:[00000030h]	4_2_32899353
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32943370 mov eax, dword ptr fs:[00000030h]	4_2_32943370
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F367 mov eax, dword ptr fs:[00000030h]	4_2_3295F367
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A7370 mov eax, dword ptr fs:[00000030h]	4_2_328A7370
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A7370 mov eax, dword ptr fs:[00000030h]	4_2_328A7370
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A7370 mov eax, dword ptr fs:[00000030h]	4_2_328A7370
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289D08D mov eax, dword ptr fs:[00000030h]	4_2_3289D08D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D909C mov eax, dword ptr fs:[00000030h]	4_2_328D909C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292D080 mov eax, dword ptr fs:[00000030h]	4_2_3292D080
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292D080 mov eax, dword ptr fs:[00000030h]	4_2_3292D080
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A5096 mov eax, dword ptr fs:[00000030h]	4_2_328A5096
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CD090 mov eax, dword ptr fs:[00000030h]	4_2_328CD090
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CD090 mov eax, dword ptr fs:[00000030h]	4_2_328CD090
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov ecx, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov ecx, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov ecx, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov ecx, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B70C0 mov eax, dword ptr fs:[00000030h]	4_2_328B70C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329750D9 mov eax, dword ptr fs:[00000030h]	4_2_329750D9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291D0C0 mov eax, dword ptr fs:[00000030h]	4_2_3291D0C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291D0C0 mov eax, dword ptr fs:[00000030h]	4_2_3291D0C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C90DB mov eax, dword ptr fs:[00000030h]	4_2_328C90DB
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C50E4 mov eax, dword ptr fs:[00000030h]	4_2_328C50E4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C50E4 mov ecx, dword ptr fs:[00000030h]	4_2_328C50E4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296903E mov eax, dword ptr fs:[00000030h]	4_2_3296903E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296903E mov eax, dword ptr fs:[00000030h]	4_2_3296903E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296903E mov eax, dword ptr fs:[00000030h]	4_2_3296903E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296903E mov eax, dword ptr fs:[00000030h]	4_2_3296903E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294705E mov ebx, dword ptr fs:[00000030h]	4_2_3294705E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294705E mov eax, dword ptr fs:[00000030h]	4_2_3294705E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CB052 mov eax, dword ptr fs:[00000030h]	4_2_328CB052
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291D070 mov ecx, dword ptr fs:[00000030h]	4_2_3291D070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975060 mov eax, dword ptr fs:[00000030h]	4_2_32975060
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov ecx, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B1070 mov eax, dword ptr fs:[00000030h]	4_2_328B1070
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292106E mov eax, dword ptr fs:[00000030h]	4_2_3292106E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32955180 mov eax, dword ptr fs:[00000030h]	4_2_32955180
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32955180 mov eax, dword ptr fs:[00000030h]	4_2_32955180
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328F7190 mov eax, dword ptr fs:[00000030h]	4_2_328F7190
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329511A4 mov eax, dword ptr fs:[00000030h]	4_2_329511A4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329511A4 mov eax, dword ptr fs:[00000030h]	4_2_329511A4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329511A4 mov eax, dword ptr fs:[00000030h]	4_2_329511A4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329511A4 mov eax, dword ptr fs:[00000030h]	4_2_329511A4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BB1B0 mov eax, dword ptr fs:[00000030h]	4_2_328BB1B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329751CB mov eax, dword ptr fs:[00000030h]	4_2_329751CB
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DD1D0 mov eax, dword ptr fs:[00000030h]	4_2_328DD1D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DD1D0 mov ecx, dword ptr fs:[00000030h]	4_2_328DD1D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C51EF mov eax, dword ptr fs:[00000030h]	4_2_328C51EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A51ED mov eax, dword ptr fs:[00000030h]	4_2_328A51ED
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329471F9 mov esi, dword ptr fs:[00000030h]	4_2_329471F9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1131 mov eax, dword ptr fs:[00000030h]	4_2_328A1131
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1131 mov eax, dword ptr fs:[00000030h]	4_2_328A1131
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B136 mov eax, dword ptr fs:[00000030h]	4_2_3289B136
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B136 mov eax, dword ptr fs:[00000030h]	4_2_3289B136
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B136 mov eax, dword ptr fs:[00000030h]	4_2_3289B136
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B136 mov eax, dword ptr fs:[00000030h]	4_2_3289B136
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899148 mov eax, dword ptr fs:[00000030h]	4_2_32899148
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899148 mov eax, dword ptr fs:[00000030h]	4_2_32899148
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899148 mov eax, dword ptr fs:[00000030h]	4_2_32899148
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899148 mov eax, dword ptr fs:[00000030h]	4_2_32899148
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975152 mov eax, dword ptr fs:[00000030h]	4_2_32975152
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933140 mov eax, dword ptr fs:[00000030h]	4_2_32933140
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933140 mov eax, dword ptr fs:[00000030h]	4_2_32933140
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933140 mov eax, dword ptr fs:[00000030h]	4_2_32933140
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A7152 mov eax, dword ptr fs:[00000030h]	4_2_328A7152
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32939179 mov eax, dword ptr fs:[00000030h]	4_2_32939179
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F172 mov eax, dword ptr fs:[00000030h]	4_2_3289F172
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292368C mov eax, dword ptr fs:[00000030h]	4_2_3292368C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292368C mov eax, dword ptr fs:[00000030h]	4_2_3292368C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292368C mov eax, dword ptr fs:[00000030h]	4_2_3292368C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292368C mov eax, dword ptr fs:[00000030h]	4_2_3292368C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289D6AA mov eax, dword ptr fs:[00000030h]	4_2_3289D6AA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289D6AA mov eax, dword ptr fs:[00000030h]	4_2_3289D6AA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328976B2 mov eax, dword ptr fs:[00000030h]	4_2_328976B2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328976B2 mov eax, dword ptr fs:[00000030h]	4_2_328976B2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328976B2 mov eax, dword ptr fs:[00000030h]	4_2_328976B2
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D16CF mov eax, dword ptr fs:[00000030h]	4_2_328D16CF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB6C0 mov eax, dword ptr fs:[00000030h]	4_2_328AB6C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB6C0 mov eax, dword ptr fs:[00000030h]	4_2_328AB6C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB6C0 mov eax, dword ptr fs:[00000030h]	4_2_328AB6C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB6C0 mov eax, dword ptr fs:[00000030h]	4_2_328AB6C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB6C0 mov eax, dword ptr fs:[00000030h]	4_2_328AB6C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB6C0 mov eax, dword ptr fs:[00000030h]	4_2_328AB6C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F6C7 mov eax, dword ptr fs:[00000030h]	4_2_3295F6C7
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329616CC mov eax, dword ptr fs:[00000030h]	4_2_329616CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329616CC mov eax, dword ptr fs:[00000030h]	4_2_329616CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329616CC mov eax, dword ptr fs:[00000030h]	4_2_329616CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329616CC mov eax, dword ptr fs:[00000030h]	4_2_329616CC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D36EF mov eax, dword ptr fs:[00000030h]	4_2_328D36EF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295D6F0 mov eax, dword ptr fs:[00000030h]	4_2_3295D6F0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CD6E0 mov eax, dword ptr fs:[00000030h]	4_2_328CD6E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CD6E0 mov eax, dword ptr fs:[00000030h]	4_2_328CD6E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329336EE mov eax, dword ptr fs:[00000030h]	4_2_329336EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329336EE mov eax, dword ptr fs:[00000030h]	4_2_329336EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329336EE mov eax, dword ptr fs:[00000030h]	4_2_329336EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329336EE mov eax, dword ptr fs:[00000030h]	4_2_329336EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329336EE mov eax, dword ptr fs:[00000030h]	4_2_329336EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329336EE mov eax, dword ptr fs:[00000030h]	4_2_329336EE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D1607 mov eax, dword ptr fs:[00000030h]	4_2_328D1607
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DF603 mov eax, dword ptr fs:[00000030h]	4_2_328DF603
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A3616 mov eax, dword ptr fs:[00000030h]	4_2_328A3616
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A3616 mov eax, dword ptr fs:[00000030h]	4_2_328A3616
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975636 mov eax, dword ptr fs:[00000030h]	4_2_32975636
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F626 mov eax, dword ptr fs:[00000030h]	4_2_3289F626
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9660 mov eax, dword ptr fs:[00000030h]	4_2_328D9660
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9660 mov eax, dword ptr fs:[00000030h]	4_2_328D9660
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3293D660 mov eax, dword ptr fs:[00000030h]	4_2_3293D660
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F78A mov eax, dword ptr fs:[00000030h]	4_2_3295F78A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329737B6 mov eax, dword ptr fs:[00000030h]	4_2_329737B6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295D7B0 mov eax, dword ptr fs:[00000030h]	4_2_3295D7B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295D7B0 mov eax, dword ptr fs:[00000030h]	4_2_3295D7B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289F7BA mov eax, dword ptr fs:[00000030h]	4_2_3289F7BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329297A9 mov eax, dword ptr fs:[00000030h]	4_2_329297A9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CD7B0 mov eax, dword ptr fs:[00000030h]	4_2_328CD7B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292F7AF mov eax, dword ptr fs:[00000030h]	4_2_3292F7AF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292F7AF mov eax, dword ptr fs:[00000030h]	4_2_3292F7AF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292F7AF mov eax, dword ptr fs:[00000030h]	4_2_3292F7AF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292F7AF mov eax, dword ptr fs:[00000030h]	4_2_3292F7AF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292F7AF mov eax, dword ptr fs:[00000030h]	4_2_3292F7AF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A57C0 mov eax, dword ptr fs:[00000030h]	4_2_328A57C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A57C0 mov eax, dword ptr fs:[00000030h]	4_2_328A57C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A57C0 mov eax, dword ptr fs:[00000030h]	4_2_328A57C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD7E0 mov ecx, dword ptr fs:[00000030h]	4_2_328AD7E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A5702 mov eax, dword ptr fs:[00000030h]	4_2_328A5702
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A5702 mov eax, dword ptr fs:[00000030h]	4_2_328A5702
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A7703 mov eax, dword ptr fs:[00000030h]	4_2_328A7703
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DF71F mov eax, dword ptr fs:[00000030h]	4_2_328DF71F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DF71F mov eax, dword ptr fs:[00000030h]	4_2_328DF71F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A3720 mov eax, dword ptr fs:[00000030h]	4_2_328A3720
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297B73C mov eax, dword ptr fs:[00000030h]	4_2_3297B73C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297B73C mov eax, dword ptr fs:[00000030h]	4_2_3297B73C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297B73C mov eax, dword ptr fs:[00000030h]	4_2_3297B73C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297B73C mov eax, dword ptr fs:[00000030h]	4_2_3297B73C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF720 mov eax, dword ptr fs:[00000030h]	4_2_328BF720
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF720 mov eax, dword ptr fs:[00000030h]	4_2_328BF720
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF720 mov eax, dword ptr fs:[00000030h]	4_2_328BF720
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A973A mov eax, dword ptr fs:[00000030h]	4_2_328A973A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A973A mov eax, dword ptr fs:[00000030h]	4_2_328A973A
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899730 mov eax, dword ptr fs:[00000030h]	4_2_32899730
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899730 mov eax, dword ptr fs:[00000030h]	4_2_32899730
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D5734 mov eax, dword ptr fs:[00000030h]	4_2_328D5734
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F72E mov eax, dword ptr fs:[00000030h]	4_2_3295F72E
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3296972B mov eax, dword ptr fs:[00000030h]	4_2_3296972B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3740 mov eax, dword ptr fs:[00000030h]	4_2_328B3740
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3740 mov eax, dword ptr fs:[00000030h]	4_2_328B3740
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3740 mov eax, dword ptr fs:[00000030h]	4_2_328B3740
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294375F mov eax, dword ptr fs:[00000030h]	4_2_3294375F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294375F mov eax, dword ptr fs:[00000030h]	4_2_3294375F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294375F mov eax, dword ptr fs:[00000030h]	4_2_3294375F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294375F mov eax, dword ptr fs:[00000030h]	4_2_3294375F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294375F mov eax, dword ptr fs:[00000030h]	4_2_3294375F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32973749 mov eax, dword ptr fs:[00000030h]	4_2_32973749
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B765 mov eax, dword ptr fs:[00000030h]	4_2_3289B765
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B765 mov eax, dword ptr fs:[00000030h]	4_2_3289B765
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B765 mov eax, dword ptr fs:[00000030h]	4_2_3289B765
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B765 mov eax, dword ptr fs:[00000030h]	4_2_3289B765
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B480 mov eax, dword ptr fs:[00000030h]	4_2_3289B480
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A9486 mov eax, dword ptr fs:[00000030h]	4_2_328A9486
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A9486 mov eax, dword ptr fs:[00000030h]	4_2_328A9486
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328974B0 mov eax, dword ptr fs:[00000030h]	4_2_328974B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328974B0 mov eax, dword ptr fs:[00000030h]	4_2_328974B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D34B0 mov eax, dword ptr fs:[00000030h]	4_2_328D34B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329754DB mov eax, dword ptr fs:[00000030h]	4_2_329754DB
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329494E0 mov eax, dword ptr fs:[00000030h]	4_2_329494E0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C340D mov eax, dword ptr fs:[00000030h]	4_2_328C340D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32927410 mov eax, dword ptr fs:[00000030h]	4_2_32927410
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B450 mov eax, dword ptr fs:[00000030h]	4_2_3294B450
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B450 mov eax, dword ptr fs:[00000030h]	4_2_3294B450
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B450 mov eax, dword ptr fs:[00000030h]	4_2_3294B450
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B450 mov eax, dword ptr fs:[00000030h]	4_2_3294B450
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F453 mov eax, dword ptr fs:[00000030h]	4_2_3295F453
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB440 mov eax, dword ptr fs:[00000030h]	4_2_328AB440
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB440 mov eax, dword ptr fs:[00000030h]	4_2_328AB440
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB440 mov eax, dword ptr fs:[00000030h]	4_2_328AB440
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB440 mov eax, dword ptr fs:[00000030h]	4_2_328AB440
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB440 mov eax, dword ptr fs:[00000030h]	4_2_328AB440
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AB440 mov eax, dword ptr fs:[00000030h]	4_2_328AB440
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3297547F mov eax, dword ptr fs:[00000030h]	4_2_3297547F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1460 mov eax, dword ptr fs:[00000030h]	4_2_328A1460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1460 mov eax, dword ptr fs:[00000030h]	4_2_328A1460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1460 mov eax, dword ptr fs:[00000030h]	4_2_328A1460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1460 mov eax, dword ptr fs:[00000030h]	4_2_328A1460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1460 mov eax, dword ptr fs:[00000030h]	4_2_328A1460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF460 mov eax, dword ptr fs:[00000030h]	4_2_328BF460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF460 mov eax, dword ptr fs:[00000030h]	4_2_328BF460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF460 mov eax, dword ptr fs:[00000030h]	4_2_328BF460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF460 mov eax, dword ptr fs:[00000030h]	4_2_328BF460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF460 mov eax, dword ptr fs:[00000030h]	4_2_328BF460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328BF460 mov eax, dword ptr fs:[00000030h]	4_2_328BF460
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289758F mov eax, dword ptr fs:[00000030h]	4_2_3289758F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289758F mov eax, dword ptr fs:[00000030h]	4_2_3289758F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289758F mov eax, dword ptr fs:[00000030h]	4_2_3289758F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292B594 mov eax, dword ptr fs:[00000030h]	4_2_3292B594
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292B594 mov eax, dword ptr fs:[00000030h]	4_2_3292B594
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3293D5B0 mov eax, dword ptr fs:[00000030h]	4_2_3293D5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3293D5B0 mov eax, dword ptr fs:[00000030h]	4_2_3293D5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15A9 mov eax, dword ptr fs:[00000030h]	4_2_328C15A9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15A9 mov eax, dword ptr fs:[00000030h]	4_2_328C15A9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15A9 mov eax, dword ptr fs:[00000030h]	4_2_328C15A9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15A9 mov eax, dword ptr fs:[00000030h]	4_2_328C15A9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15A9 mov eax, dword ptr fs:[00000030h]	4_2_328C15A9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329335BA mov eax, dword ptr fs:[00000030h]	4_2_329335BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329335BA mov eax, dword ptr fs:[00000030h]	4_2_329335BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329335BA mov eax, dword ptr fs:[00000030h]	4_2_329335BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329335BA mov eax, dword ptr fs:[00000030h]	4_2_329335BA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295F5BE mov eax, dword ptr fs:[00000030h]	4_2_3295F5BE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CF5B0 mov eax, dword ptr fs:[00000030h]	4_2_328CF5B0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329735D7 mov eax, dword ptr fs:[00000030h]	4_2_329735D7
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329735D7 mov eax, dword ptr fs:[00000030h]	4_2_329735D7
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329735D7 mov eax, dword ptr fs:[00000030h]	4_2_329735D7
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291D5D0 mov eax, dword ptr fs:[00000030h]	4_2_3291D5D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291D5D0 mov ecx, dword ptr fs:[00000030h]	4_2_3291D5D0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D55C0 mov eax, dword ptr fs:[00000030h]	4_2_328D55C0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C95DA mov eax, dword ptr fs:[00000030h]	4_2_328C95DA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_329755C9 mov eax, dword ptr fs:[00000030h]	4_2_329755C9
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15F4 mov eax, dword ptr fs:[00000030h]	4_2_328C15F4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15F4 mov eax, dword ptr fs:[00000030h]	4_2_328C15F4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15F4 mov eax, dword ptr fs:[00000030h]	4_2_328C15F4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15F4 mov eax, dword ptr fs:[00000030h]	4_2_328C15F4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15F4 mov eax, dword ptr fs:[00000030h]	4_2_328C15F4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C15F4 mov eax, dword ptr fs:[00000030h]	4_2_328C15F4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D7505 mov eax, dword ptr fs:[00000030h]	4_2_328D7505
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D7505 mov ecx, dword ptr fs:[00000030h]	4_2_328D7505
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32975537 mov eax, dword ptr fs:[00000030h]	4_2_32975537
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294F525 mov eax, dword ptr fs:[00000030h]	4_2_3294F525
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295B52F mov eax, dword ptr fs:[00000030h]	4_2_3295B52F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DD530 mov eax, dword ptr fs:[00000030h]	4_2_328DD530
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DD530 mov eax, dword ptr fs:[00000030h]	4_2_328DD530
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD534 mov eax, dword ptr fs:[00000030h]	4_2_328AD534
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD534 mov eax, dword ptr fs:[00000030h]	4_2_328AD534
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD534 mov eax, dword ptr fs:[00000030h]	4_2_328AD534
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD534 mov eax, dword ptr fs:[00000030h]	4_2_328AD534
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD534 mov eax, dword ptr fs:[00000030h]	4_2_328AD534
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328AD534 mov eax, dword ptr fs:[00000030h]	4_2_328AD534
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B550 mov eax, dword ptr fs:[00000030h]	4_2_3294B550
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B550 mov eax, dword ptr fs:[00000030h]	4_2_3294B550
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294B550 mov eax, dword ptr fs:[00000030h]	4_2_3294B550
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289B562 mov eax, dword ptr fs:[00000030h]	4_2_3289B562
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DB570 mov eax, dword ptr fs:[00000030h]	4_2_328DB570
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328DB570 mov eax, dword ptr fs:[00000030h]	4_2_328DB570
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32897A80 mov eax, dword ptr fs:[00000030h]	4_2_32897A80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32897A80 mov eax, dword ptr fs:[00000030h]	4_2_32897A80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32897A80 mov eax, dword ptr fs:[00000030h]	4_2_32897A80
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295FA87 mov eax, dword ptr fs:[00000030h]	4_2_3295FA87
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDAAE mov eax, dword ptr fs:[00000030h]	4_2_328CDAAE
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABAA0 mov eax, dword ptr fs:[00000030h]	4_2_328ABAA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABAA0 mov eax, dword ptr fs:[00000030h]	4_2_328ABAA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289FAA4 mov ecx, dword ptr fs:[00000030h]	4_2_3289FAA4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32951AA3 mov eax, dword ptr fs:[00000030h]	4_2_32951AA3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32951AA3 mov eax, dword ptr fs:[00000030h]	4_2_32951AA3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32951AA3 mov eax, dword ptr fs:[00000030h]	4_2_32951AA3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294DAAC mov ecx, dword ptr fs:[00000030h]	4_2_3294DAAC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294DAAC mov ecx, dword ptr fs:[00000030h]	4_2_3294DAAC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294DAAC mov eax, dword ptr fs:[00000030h]	4_2_3294DAAC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32935AD0 mov eax, dword ptr fs:[00000030h]	4_2_32935AD0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CBADA mov eax, dword ptr fs:[00000030h]	4_2_328CBADA
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32921ACB mov eax, dword ptr fs:[00000030h]	4_2_32921ACB
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32921ACB mov ecx, dword ptr fs:[00000030h]	4_2_32921ACB
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289BAE0 mov eax, dword ptr fs:[00000030h]	4_2_3289BAE0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32947A11 mov edi, dword ptr fs:[00000030h]	4_2_32947A11
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D5A01 mov eax, dword ptr fs:[00000030h]	4_2_328D5A01
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D5A01 mov ecx, dword ptr fs:[00000030h]	4_2_328D5A01
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D5A01 mov eax, dword ptr fs:[00000030h]	4_2_328D5A01
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D5A01 mov eax, dword ptr fs:[00000030h]	4_2_328D5A01
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3291DA1D mov eax, dword ptr fs:[00000030h]	4_2_3291DA1D
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328C9A18 mov ecx, dword ptr fs:[00000030h]	4_2_328C9A18
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295FA02 mov eax, dword ptr fs:[00000030h]	4_2_3295FA02
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289BA10 mov eax, dword ptr fs:[00000030h]	4_2_3289BA10
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294BA0B mov eax, dword ptr fs:[00000030h]	4_2_3294BA0B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294BA0B mov eax, dword ptr fs:[00000030h]	4_2_3294BA0B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294BA0B mov eax, dword ptr fs:[00000030h]	4_2_3294BA0B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3294BA0B mov eax, dword ptr fs:[00000030h]	4_2_3294BA0B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDA20 mov eax, dword ptr fs:[00000030h]	4_2_328CDA20
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDA20 mov eax, dword ptr fs:[00000030h]	4_2_328CDA20
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABA30 mov eax, dword ptr fs:[00000030h]	4_2_328ABA30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABA30 mov ecx, dword ptr fs:[00000030h]	4_2_328ABA30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABA30 mov eax, dword ptr fs:[00000030h]	4_2_328ABA30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABA30 mov eax, dword ptr fs:[00000030h]	4_2_328ABA30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABA30 mov eax, dword ptr fs:[00000030h]	4_2_328ABA30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328ABA30 mov eax, dword ptr fs:[00000030h]	4_2_328ABA30
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32899A40 mov ecx, dword ptr fs:[00000030h]	4_2_32899A40
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933A78 mov eax, dword ptr fs:[00000030h]	4_2_32933A78
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933A78 mov eax, dword ptr fs:[00000030h]	4_2_32933A78
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933A78 mov eax, dword ptr fs:[00000030h]	4_2_32933A78
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933A78 mov eax, dword ptr fs:[00000030h]	4_2_32933A78
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933A78 mov eax, dword ptr fs:[00000030h]	4_2_32933A78
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32933A78 mov eax, dword ptr fs:[00000030h]	4_2_32933A78
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295FB97 mov eax, dword ptr fs:[00000030h]	4_2_3295FB97
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9B9F mov eax, dword ptr fs:[00000030h]	4_2_328D9B9F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9B9F mov eax, dword ptr fs:[00000030h]	4_2_328D9B9F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9B9F mov eax, dword ptr fs:[00000030h]	4_2_328D9B9F
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32969B8B mov eax, dword ptr fs:[00000030h]	4_2_32969B8B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32969B8B mov eax, dword ptr fs:[00000030h]	4_2_32969B8B
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDBA0 mov eax, dword ptr fs:[00000030h]	4_2_328CDBA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDBA0 mov eax, dword ptr fs:[00000030h]	4_2_328CDBA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDBA0 mov eax, dword ptr fs:[00000030h]	4_2_328CDBA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDBA0 mov eax, dword ptr fs:[00000030h]	4_2_328CDBA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDBA0 mov eax, dword ptr fs:[00000030h]	4_2_328CDBA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDBA0 mov eax, dword ptr fs:[00000030h]	4_2_328CDBA0
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32897BCD mov eax, dword ptr fs:[00000030h]	4_2_32897BCD
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32897BCD mov ecx, dword ptr fs:[00000030h]	4_2_32897BCD
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292FBDC mov eax, dword ptr fs:[00000030h]	4_2_3292FBDC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292FBDC mov eax, dword ptr fs:[00000030h]	4_2_3292FBDC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3292FBDC mov eax, dword ptr fs:[00000030h]	4_2_3292FBDC
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A9BC4 mov eax, dword ptr fs:[00000030h]	4_2_328A9BC4
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3BD6 mov eax, dword ptr fs:[00000030h]	4_2_328B3BD6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3BD6 mov eax, dword ptr fs:[00000030h]	4_2_328B3BD6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3BD6 mov eax, dword ptr fs:[00000030h]	4_2_328B3BD6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3BD6 mov eax, dword ptr fs:[00000030h]	4_2_328B3BD6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328B3BD6 mov eax, dword ptr fs:[00000030h]	4_2_328B3BD6
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E1BEF mov eax, dword ptr fs:[00000030h]	4_2_328E1BEF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328E1BEF mov eax, dword ptr fs:[00000030h]	4_2_328E1BEF
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295FBF3 mov eax, dword ptr fs:[00000030h]	4_2_3295FBF3
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDB00 mov eax, dword ptr fs:[00000030h]	4_2_328CDB00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDB00 mov eax, dword ptr fs:[00000030h]	4_2_328CDB00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDB00 mov eax, dword ptr fs:[00000030h]	4_2_328CDB00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDB00 mov eax, dword ptr fs:[00000030h]	4_2_328CDB00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDB00 mov eax, dword ptr fs:[00000030h]	4_2_328CDB00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328CDB00 mov edx, dword ptr fs:[00000030h]	4_2_328CDB00
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1B04 mov eax, dword ptr fs:[00000030h]	4_2_328A1B04
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328A1B04 mov eax, dword ptr fs:[00000030h]	4_2_328A1B04
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3295FB0C mov eax, dword ptr fs:[00000030h]	4_2_3295FB0C
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9B28 mov eax, dword ptr fs:[00000030h]	4_2_328D9B28
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_328D9B28 mov eax, dword ptr fs:[00000030h]	4_2_328D9B28
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32935B50 mov eax, dword ptr fs:[00000030h]	4_2_32935B50
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_32935B50 mov eax, dword ptr fs:[00000030h]	4_2_32935B50
Source: C:\Users\user\Desktop\wmKmOQ868z.exe	Code function: 4_2_3289FB4C mov edi, dword ptr fs:[00000030h]	4_2_3289FB4C

Source: C:\Users\user\Desktop\wmKmOQ868z.exe

0_2_0040352F

Stealing of Sensitive Information

Source: Yara match

File source: 00000004.00000002.3339767606.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match

File source: 00000004.00000002.3339767606.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	211 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Process Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Access Token Manipulation	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	22 System Information Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
wmKmOQ868z.exe	32%	ReversingLabs	Win32.Trojan.GuLoader
wmKmOQ868z.exe	100%	Avira	HEUR/AGEN.1331786

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsx116.tmp\System.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://comercializadoradeinsumos.cl/	0%	Avira URL Cloud	safe
https://comercializadoradeinsumos.cl/LNRHXbp85.binOp	0%	Avira URL Cloud	safe
https://comercializadoradeinsumos.cl/LNRHXbp85.bin_p	0%	Avira URL Cloud	safe
https://comercializadoradeinsumos.cl/LNRHXbp85.bin	0%	Avira URL Cloud	safe
https://comercializadoradeinsumos.cl/X	0%	Avira URL Cloud	safe
https://comercializadoradeinsumos.cl/LNRHXbp85.binz	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
comercializadoradeinsumos.cl	162.240.106.189	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://comercializadoradeinsumos.cl/LNRHXbp85.bin	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	wmKmOQ868z.exe, 00000004.00000001.2652302474.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	false		high
https://comercializadoradeinsumos.cl/X	wmKmOQ868z.exe, 00000004.00000003.3008838276.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3009015750.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3341099454.0000000002766000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ftp.ftp://ftp.gopher.	wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp	false		high
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	wmKmOQ868z.exe, 00000004.00000001.2652302474.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	wmKmOQ868z.exe	false		high
https://comercializadoradeinsumos.cl/	wmKmOQ868z.exe, 00000004.00000003.3008838276.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000003.3009015750.0000000002764000.00000004.00000020.00020000.00000000.sdmp, wmKmOQ868z.exe, 00000004.00000002.3341099454.0000000002766000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://comercializadoradeinsumos.cl/LNRHXbp85.binz	wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://comercializadoradeinsumos.cl/LNRHXbp85.binOp	wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://comercializadoradeinsumos.cl/LNRHXbp85.bin_p	wmKmOQ868z.exe, 00000004.00000002.3341033592.0000000002718000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	wmKmOQ868z.exe, 00000004.00000001.2652302474.0000000000649000.00000020.00000001.01000000.00000007.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.240.106.189	comercializadoradeinsumos.cl	United States		46606	UNIFIEDLAYER-AS-1US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550272
Start date and time:	2024-11-06 16:28:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	wmKmOQ868z.exe renamed because original name is a hash value
Original Sample Name:	f392bfa146ad86308fa464a9505708645f99618d54483cbc6b746b656f26a3fb.exe
Detection:	MAL
Classification:	mal88.troj.evad.winEXE@2/12@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 58% Number of executed functions: 29 Number of non-executed functions: 283
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Stop behavior analysis, all processes terminated

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: wmKmOQ868z.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.240.106.189	rNuevo_Pedido_129149.exe	Get hash	malicious	GuLoader	Browse
162.240.106.189	rNuevo_Pedido_129149.exe	Get hash	malicious	GuLoader	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
comercializadoradeinsumos.cl	rNuevo_Pedido_129149.exe	Get hash	malicious	GuLoader	Browse	162.240.106.189
comercializadoradeinsumos.cl	rNuevo_Pedido_129149.exe	Get hash	malicious	GuLoader	Browse	162.240.106.189

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	6ehOuQ8ifL.exe	Get hash	malicious	AgentTesla	Browse	192.185.13.234
	h0r0zx00x.spc.elf	Get hash	malicious	Mirai	Browse	162.147.246.100
	INVOICE_PO# PUO202300054520249400661.exe	Get hash	malicious	FormBook	Browse	162.241.63.77
	https://tr.apsis.one/e/BQf6Ly_NQaGdZtIyE9-tng/3lrpV7lSSP2Z5s0c5xWdEg/ln_9BtzivhtI_KJQNj5kCuaI/vcJdXtLBbK596W10niZVw8e08muc2sIkVCjdxfo2wWNAJh03ylvMgHM	Get hash	malicious	Unknown	Browse	162.241.114.35
	example.html	Get hash	malicious	Unknown	Browse	69.49.245.172
	Remittance_Ref;-49743170932be73dd68e9130949b1b5dbf8aa216bc0f0729cd.html	Get hash	malicious	Unknown	Browse	69.49.245.172
	Statement.docx	Get hash	malicious	Unknown	Browse	192.185.154.245
	wODub61gZe.exe	Get hash	malicious	FormBook	Browse	162.241.169.207
	fAzUnj6Djg.exe	Get hash	malicious	HawkEye, MailPassView	Browse	192.185.159.182

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	2ULrUoVwTx.exe	Get hash	malicious	FormBook, GuLoader	Browse	162.240.106.189
	p7cCXP3hDz.exe	Get hash	malicious	FormBook, GuLoader	Browse	162.240.106.189
	Anfrage_244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	162.240.106.189
	fIwP4c7xYt.exe	Get hash	malicious	GuLoader	Browse	162.240.106.189
	6b94X7dMrG.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	162.240.106.189
	0hNX6q4DZ0.exe	Get hash	malicious	GuLoader	Browse	162.240.106.189
	3Pd480eWHA.exe	Get hash	malicious	AgentTesla	Browse	162.240.106.189
	N2DJ1eUIE6.exe	Get hash	malicious	FormBook, GuLoader	Browse	162.240.106.189
	SecuriteInfo.com.FileRepMalware.29777.16321.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	162.240.106.189

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsx116.tmp\System.dll	qmt875Vf1A.exe	Get hash	malicious	GuLoader	Browse
	qmt875Vf1A.exe	Get hash	malicious	GuLoader	Browse
	czffIfANiL.exe	Get hash	malicious	GuLoader	Browse
	0GuwV0t2UU.exe	Get hash	malicious	FormBook, GuLoader	Browse
	0GuwV0t2UU.exe	Get hash	malicious	FormBook, GuLoader	Browse
	eXaiza8cQ5.exe	Get hash	malicious	GuLoader	Browse
	eXaiza8cQ5.exe	Get hash	malicious	GuLoader	Browse
	NacahSetup.exe	Get hash	malicious	Unknown	Browse
	NacahSetup.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsx116.tmp\System.dll

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.804946284177748
Encrypted:	false
SSDEEP:	192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
MD5:	192639861E3DC2DC5C08BB8F8C7260D5
SHA1:	58D30E460609E22FA0098BC27D928B689EF9AF78
SHA-256:	23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
SHA-512:	6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: qmt875Vf1A.exe, Detection: malicious, Browse Filename: qmt875Vf1A.exe, Detection: malicious, Browse Filename: czffIfANiL.exe, Detection: malicious, Browse Filename: 0GuwV0t2UU.exe, Detection: malicious, Browse Filename: 0GuwV0t2UU.exe, Detection: malicious, Browse Filename: eXaiza8cQ5.exe, Detection: malicious, Browse Filename: eXaiza8cQ5.exe, Detection: malicious, Browse Filename: NacahSetup.exe, Detection: malicious, Browse Filename: NacahSetup.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L....C.f...........!....."..................@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Antiluftskytsets133\fygningers.hom

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	391326
Entropy (8bit):	1.2598991897339225
Encrypted:	false
SSDEEP:	768:GcJYS2pZ+e16MV4+KZgNQ97FkX/E+Lt97IkW3F4OvAPwmcMUoaFu4vMBUq2L0BQZ:/TmK4iiR6XUq0Qw1rfyivGfSopD6uH0y
MD5:	6E6832896907F1F51F42BAE57CE341BC
SHA1:	9294AC513B5968808BE70F6EFE2D027E7837B989
SHA-256:	C65E4FF0B7A80E686858F6C34B686DE908540CCDE1A3AE5E627272DFC4E40D20
SHA-512:	BC04F0319512812E54A7E612991A7BD71FEAE1E955DAFCAEE407C835F70D1E1F4212E4085D123A046BFBFCE2F96BF9DD80B456E308B11D0584E933FE6D456324
Malicious:	false
Reputation:	low
Preview:	...............c.....y....R.............T....b..T......................................k...:...........................+.............................5........................................<...................................................(........2.....I..........:......................................................{........b...o...........................q...W...................m...........................Q...................................,......-......................c....................................]........a........................................................................=....(.......................6.=......................................=......................C...................C.....................K...................................................................................I..........................N...........................Y.......................................l.............c..................V.................L......................i..........

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Antiluftskytsets133\outchidden.dep

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	258798
Entropy (8bit):	1.2490334020377054
Encrypted:	false
SSDEEP:	768:T2PLd1hgU1SmVlqVwusTqMdrtd5jsctJuIsiIZtRlAf9tpjc9GI+DFENhHiXP7yj:ad1euLPsb39GIqFruRChk
MD5:	3269394F73B2ADA0574A74284D8B2E17
SHA1:	8CC597FD67D71D56F489C2B970682D9DED1392FC
SHA-256:	510850D30CEC95EB1A0BF4FCA7B7F0113F0D4C42726B794EFA98937AF62A516B
SHA-512:	A4BFAA7C52CF5EE5E9CDB900A3228A17109BFE46B08266DAE3057F17A6EAAAAB5DFD91DBB4833FA47FC961B5809FB41C340BCF82139ACD7A4B9AB54DF94351D8
Malicious:	false
Reputation:	low
Preview:	..........`................0...........................................................k.......................p.............................. .................................(...................................J...................... .\|......J..........H......A...............................................x..........w....................................J.................................................,.....M.[.............................................................l...................C....................................................o................9............................!......P...1..L..................d..7..........................................B.....8................................................................$.................................................... ..........................................'.F...............................................................................@..........................................V....sJ.0......Y.....c....\|....

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Antiluftskytsets133\pitocin.opl

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	323693
Entropy (8bit):	1.2536949862219147
Encrypted:	false
SSDEEP:	1536:FCN4UE4Tjyohd/qCWOGtHCIFy58RqmA3I:FCN4GiVCuyuw3I
MD5:	AEE2F83A7C4C7F24701B741521FB2E16
SHA1:	A8FEFDB29A731112A30BB5E2B3EF87B89A6D0F3E
SHA-256:	CAEBFE32548B8DC684AA35B144A20A99FA6F36692BED690DE4900691A525DA30
SHA-512:	075E80AC88843441E4B3A24D525DD1043AAEFCA9EBCB8C445E442C3B4F421C955A2A5A93D9E37327BB50228B81F2036C0D9842CFED7D186A05DABD5C211C3879
Malicious:	false
Reputation:	low
Preview:	..........^.......r..........................'.......................F.........................5...................&.Z..........p.......}......................................................................................................E...................................6... ............`.......................:.....................................................................J.......................................B............................................p..........n...........6.......................Z............................B.B...............[.....................................a@..............j.....................(.....-...R............................{.............................................Y.h................L..................................._............h....<.......................................l............................................~..............n................n......G............................................................................

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Antiluftskytsets133\umenneskernes.sem

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	218367
Entropy (8bit):	1.246980092990912
Encrypted:	false
SSDEEP:	768:5c8SYAdyufvUy3CuNMJAdaM+KCzP6QcG9wghZ0cL52j/i10qEDYiaXF44Xrrocc1:5hAdayyxFVZ64Xve5rsW4
MD5:	9EC9F165C9E1D40A5FE69E13F4E40BB2
SHA1:	4F35529EB907F3DD41D2F1C1F8114896B0049FEF
SHA-256:	3C494D3A6F8E831560EDCAF571F1AED0DB2699D951DCE31555FFC8EEB0C68E8E
SHA-512:	1F8BC071520584402BE5692375F40AF319914777AD3CF7CAF4291D4281E4FF3EB18FEE781F22C84F4336B8E403A21D59D8F4EECF17009DA34D7DA9B6B6EDA14F
Malicious:	false
Reputation:	low
Preview:	..............s..............:..........8......D...............n....1..g.................9.................................(....................................................a...........................................................................S.........................................................................................................................I.........................................................................S..3........7u.s.............................[.....................5.\....................................................y.............~........R..........a...................i..............................t.......................................................................................................................................................................................................................................................$.......\|.....y....................................0P...............q..........................

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Antiluftskytsets133\unikaer.kem

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	465079
Entropy (8bit):	1.2524740649146269
Encrypted:	false
SSDEEP:	1536:Rv7GJmqRTpKBSpacoAbleU7c0PReL6HSE1/hqQ79/:RzG5n7DRe+jqQ
MD5:	E2123D8FCF95DD997B5B57C859952C42
SHA1:	C57FA1122078B47A37E0D2FADD0ABC4C2B8B6185
SHA-256:	7D67F05679B2132F418A353DC26498F79E93133C482B28D20EE18C3A83534B3E
SHA-512:	1A5339D733B08A760BE0D69162422A3A9199AC496D970A57050C3C009FE9EF47095CE2F4D14E6F96F7CB5E870E1CAF8EAFE2AF4660FCEC2AADEAD2884F27A27D
Malicious:	false
Preview:	................................ ..................0..2............c....................z..../.............~...........W...........z...........~...............................P.............>...............................#..........R.......U.....3.........................................<....Y........$......................................U.............]s............................^.......................................................................7..................w...`...........................k...........................@.......c....................................k...........................y......Y................................................X..................................e....J......................?..r................!..0....................P...................%...........e..........7........v............................................a...........$...........................9........./...........................................................................M....

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Antiluftskytsets133\unimmaculately.bad

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	442049
Entropy (8bit):	1.2574037958564046
Encrypted:	false
SSDEEP:	1536:9U42WMwaAJbj1SWgmYjFLw5pUEx6Yszh92PbGwT/:9UM9ffpcFLwYuHszj2Pbf
MD5:	436F0693F85A9463E53FC25016A6E62E
SHA1:	70920FF51C4E0CAA612419FFB860FDDC24F0B7C5
SHA-256:	F4190EE3362CE3585A4A921077C1AD14E895C80AD7D17455B55AAC27335E2093
SHA-512:	CEC32BAF315AE9D3480D221E54503898E2EB31C5FD0B81A87852AD6EA566BA8584B0CA02D3E898C5CBB078F60B20EFA490F6B2D8D4F1ED22169C8DF2DC7BB392
Malicious:	false
Preview:	...............................................0....#..._...........................................................fs.....D.......v.................................^...................r....%.............O....;.........aH................1...................................\..............z.............................................................W.............m...............................................t..................-......................$........a...........................M.........`m..........o.....9.....I...............................................m@..............................1.........................................................................................>."............e...F.........F..................v...................................\|............................................................................>................e................................................................................................................p...........

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Baadmotoren.Geo

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	114943
Entropy (8bit):	4.604452274718302
Encrypted:	false
SSDEEP:	1536:CjeuMY6H5nEUWetVSG8/02hpWLHR5SqiNO5m2Ki7ohIyPUo35tlk5RKt:EeuMY6H9EUWr3h0jPSTN4m2eIycQtl1t
MD5:	F898FE59DC4DDFDF62192FEEE8E15230
SHA1:	452F53CD2BE9F599740371EF73EE6439DC562B91
SHA-256:	D5E2E2DC7571A812B08AC556C175F23BDB83ABDF0160A4101B0670E834E93DD9
SHA-512:	247CC61BDEF0731F093EF5D3A1EFB8C057A87CA5524A3750D2B7663662F989CD40551421973BF2FC98882317E43235A61A053D90E94F6E6F556F81201A9CEEA7
Malicious:	false
Preview:	.&&..........EEE.....u....................oo.....................................a..... .........!.....SSSS..c.........*..m.......................pp.....qqq...c.......................6........i.......x.......U.........h...................cc..O............{...........................BB...X.............((....ff.................a....!.....}...```.......N............J......i...66.....................i.............y...................\|\|\|\|\|\|............7...ddd..//............++.............................v..........................q..........................xx...>.e..........O........XX.]].k.555..................3.s.........WW....GG............................................. ............DDDD.???..........................f.........]......&&&............L......:..........'.(....33...!...=.....nnnnnnn..........{{....e.RRR.............%%.....CC...+...................%.`......::::.................................................66..\..............ooo.66.^^^........eee..................NN....

C:\Users\user\imaums\outadmiral\nedrunde\Amyliferous\Varmepuderne115.poa

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	246772
Entropy (8bit):	1.2570033577927036
Encrypted:	false
SSDEEP:	768:jF+X5GwMbRR6v/H4EwYatl23bka4FtbP30qIlbXc/B/VDYFgHUAHFLO3+u1uNnEA:jFROqkCEr2/Vd0WP9Ph0nVc
MD5:	51B771910E4858E4E5CDD09DF62F5BB8
SHA1:	8F52AC9FB80E1F75FB4C20112D83E41F6B51B9A5
SHA-256:	673C982F75C3CDD0EACAD35785FB01475D01964806072C2DE8E4B011C8EF4DB7
SHA-512:	ADE1E430583B64F3A8EE77931B24CD4C179A44CF5C88CA46444F41616812D524660274F426D5AB7EC62E0277B58EB5E13F737ABDFDCA83DB55853EAD4CA78E5F
Malicious:	false
Preview:	...............f......................-......................y.............R...............}.........~................................................................(................g...........................2...........................................................................................u...................W..............Z......_....................................m..........................................H........s.......................................Q........K..................................................b.....k...................................w....i.................................................t.........................................................................=.........................................................R.........[.....................................................\.....................3...........Z............................................................k.....................................H.....................q.......!.........

C:\Users\user\imaums\outadmiral\nedrunde\Thomismens\uninfringible.txt

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	379
Entropy (8bit):	4.329981128856023
Encrypted:	false
SSDEEP:	6:9xjkVqlVDbW189uc6q9KReE9cypokkFqpiL3XP2MkdmFiFNSdqkDrD60s++JuGgz:LxPDbWA9weQcyF+n+Mwm8FYFDKpJbJf0
MD5:	F6E659DE27C7920DA8122DCD7C1EBBFD
SHA1:	FF974B124B5C7F75694B9821FCF43A71E80FF8FD
SHA-256:	4014208ED19D8A82A79EF53A86178D0B3AAF527A872BBC34D4D55476BA52C66A
SHA-512:	77B7C164E8A422B7DB2B3FF9978689A2A67DF34F84DE2FBE25EF3517259908682DE46C59264A4C3CDDD5DBDE16EE37232678097EFEE26FADBA351332200CA010
Malicious:	false
Preview:	klodsmajorens frugtavlerens upboiling.topartisystemerne eyelash sartorii weightlifting.falcks zebeck commissionership orobanchaceous vilifies chokstarter,sammentrngningers crayoned physicomental aabenbare omnivident syrian cowbirds satsvis..ballastic citrul somatoplastic hypotekforeningernes lambert enevldiges formularlngderne.skarrehvlenes paratrichosis landwire alvorstalers,

C:\Users\user\imaums\outadmiral\nedrunde\Tudskraalende.Ild

Process:	C:\Users\user\Desktop\wmKmOQ868z.exe
File Type:	data
Category:	dropped
Size (bytes):	260866
Entropy (8bit):	7.7810408287486545
Encrypted:	false
SSDEEP:	6144:emZh1GBXSLO4Y3KnpFpsIUJzoEnBv5IEsv4vx3ayWFsGjozm:VZh1GBXS4CpsLzoElK7tVsB6
MD5:	7E324CB2571C4B71D2D7F4B95F97E5EB
SHA1:	7A9B0EDA45524123305D173849B9E71EC82928F9
SHA-256:	43FE2F78EC9116D38BBCBBBFF3BF77C6FB78EE97D3A875C13E8314D815E4F04D
SHA-512:	37F1E5FF7F22264939197B28F907088CC63C8853675412EBA901E13D11B261EF070F8FB9DF4E2FD5B50053EDE453F850750A2B2DCE09D06AE2D772FA1CFC0493
Malicious:	false
Preview:	........B..l.....JJJJ..z.....eee...........................................#.r.......k....''.............................++.....................................*.......--........................@@@.QQQQQ.......EEE..........MM.......5......\\\\.......55.ooo.......b..............\|\|..E......aa....W.......................................QQ....@@....c.........oooooo....S.A.W..z.W...fffff.............(((.............::.......''''..........0.........LLL.ee.r.....88..[.......yy.......((..4.....7.N...........RRRRR..............._........).ff.......1..v..........5...i.F...............@@@@@..ZZ..C......>.................H.'.H.MM.......P..D...........88.............@.DD.........%%..................,,,,............\\\...........................................#####.^^^^^.bb.....FF...ff......{.....J..........NNNNNNNNN..........g.....1................o.....g..2..........................eeeeee.....K. ................\.........&&..............zz.VVV....H.....[[[....................\|\|\|.[.............__

C:\Windows\Resources\primy.ini